Django的，安全登录使用Ajax从http页面 [英] Django, Secure Login with Ajax from Http page

问题描述

我通过AJAX登录的用户从一个Http页面。我提出请求到安全（HTTPS）页面。我的问题是，我没有收到答复，因为（我认为）我的看法功能的Htt的presponse对象返回到HTTPS页面（我的用户仍处于HTTP）。

I log in users from a Http page via ajax. I'm making the request to a secure (https) page. My issue is that I'm not receiving a response because (I assume) my view function is returning an HttpResponse object to the https page (my user is still at http).

下面是code

  @secure_required      
  def login_async(request):
      if request.method=='POST':
         email=request.POST.get('email', '')
          try:
            user=User.objects.get(email__exact=email)
            username=user.username

          except User.DoesNotExist:
             username=''

      password=request.POST.get('password', '')


      user=auth.authenticate(username=username, password=password)
      if user is not None:
        auth.login(request,user)
        user_status=1
        user_fname=user.first_name


       user_data=[{'user_status':user_status, 'user_fname':user_fname,'user_favorite':user_favorite,'flag_record':flag_record, 'message_sent':message_sent,'is_post_owner':is_post_owner}]
       json_data=json.dumps(user_data)
       response=HttpResponse()
       response['Content-Type']="text/javascript"
       response.write(json_data)
       return response  
     else:  
        user_data=[{'user_status':user_status}]
        json_data=json.dumps(user_data)
        response=HttpResponse()
        response['Content-Type']="text/javascript"
        response.write(json_data)
        return response 

  else:
    user_data=[{'user_status':"0"}]                         

           json_data=json.dumps(user_data)
        response=HttpResponse()
        response['Content-Type']="text/javascript"
        response.write(json_data)
        return response 

为什么不干脆让整个页面HTTPS，你问？好问题。我在和制作资料Tweet按钮HTTPS兼容的一些问题。

Why not just make the whole page https, you ask? Good question. I was having some issues with making the Tweet Button https compatible.

感谢

推荐答案

如果你检查你的浏览器发送过网，你会看到，它不是岗位作为你想，但OPTIONS请求。它造成的，因为HTTPS XHTT prequest（AJAX）的HTTP页面处理方式相同跨域，检查<一href="http://stackoverflow.com/questions/1743845/jquery-i-get-options-request-instead-of-get">jQuery:我得到OPTIONS请求GET ，而不是对处理这个问题的答案。

If you'd check what your browser is sending over the net you'd see that it's not POST as you wanted but OPTIONS request. It's caused because https XHTTPRequest (AJAX) from http page is treated same way as cross-domain, check jQuery: I get OPTIONS request instead of GET for answer on handling that.

还有一件事，全：

json_data=json.dumps(user_data)
response=HttpResponse()
response['Content-Type']="text/javascript"
response.write(json_data)
return response

可能只是改为：

Could be replaced just by:

return HttpResponse(json.dumps(user_data), mimetype='text/javascript')

这篇关于Django的，安全登录使用Ajax从http页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！