如何使用curl与Django,csrf令牌和POST请求 [英] How to use curl with Django, csrf tokens and POST requests
问题描述
我使用curl测试我的一个Django表单。我尝试过的调用(每个调用都有错误,可读性超过多行):
(1):
curl
-d{\email\:\test@test.com\}
--header X-CSRFToken:[从我的Django应用程序中已经加载的页面的源代码的三重检查值]
--cookiecsrftoken = [same csrf value as above]
http: /127.0.0.1:8083/registrations/register/
(使用http标头和 (2): (如(1)中所示,但在标题属性声明中没有空格,并且在cookie中具有 (3):
curl
-d{a:1}
--headerX-CSRFToken: --cookiecsrftoken = [如上]; sessionid = [从Chrome中的标头检查]
http://127.0.0.1:8083/registrations/register/
sessionid
curl
-d{a:1}
--headerX-CSRFToken:[as above]
http://127.0.0.1:8083 / registrations / register /
(只有http头包含 X-CSRFToken ,没有cookie)导致错误代码403,消息:CSRF cookie未设置。
如何使用curl测试表单?
Damien的回应和您的示例编号2的混合使用了我。我使用一个简单的登录页面来测试,我希望你的注册视图是类似的。 Damien的回复几乎可以工作,但是缺少 sessionid cookie。
我推荐更健壮的方法。不要手动从其他请求中输入Cookie,请尝试使用curl内置的Cookie管理系统来模拟完整的用户互动。这样,您可以减少发生错误的机会:
$ curl -v -c cookies.txt -b cookies.txt host.com/registrations/register/
$ curl -v -c cookies.txt -b cookies.txt -demail=user@site.com& a = 1& csrfmiddlewaretoken =< token from cookies.txt> ; host.com/registrations/register/
第一个curl模拟用户首次到达页面时GET请求,并保存所有必需的Cookie。第二个curl模拟填充表单字段并将其作为POST发送。请注意,您必须根据Damien的建议在POST数据中包含 csrfmiddlewaretoken 字段。
I'm using curl to test one of my Django forms. The calls I've tried (with errors from each, and over multiple lines for readability):
(1):
curl
-d "{\"email\":\"test@test.com\"}"
--header "X-CSRFToken: [triple checked value from the source code of a page I already loaded from my Django app]"
--cookie "csrftoken=[same csrf value as above]"
http://127.0.0.1:8083/registrations/register/
(with http header and csrftoken in cookie) results in a 400 error with no data returned.
(2):
curl
-d "{a:1}"
--header "X-CSRFToken:[as above]"
--cookie "csrftoken=[as above];sessionid=[from header inspection in Chrome]"
http://127.0.0.1:8083/registrations/register/
(as in (1) but no spaces in header property declaration, and with sessionid in cookie too) results in the same 400 error with no data returned.
(3):
curl
-d "{a:1}"
--header "X-CSRFToken:[as above]"
http://127.0.0.1:8083/registrations/register/
(only http header with X-CSRFToken, no cookie) results in error code 403, with message: CSRF cookie not set.
How can I test my form with curl? What factors am I not considering besides cookie values and http headers?
A mixture of Damien's response and your example number 2 worked for me. I used a simple login page to test, I expect that your registration view is similar. Damien's response almost works, but is missing the sessionid cookie.
I recommend a more robust approach. Rather than manually entering the cookies from other requests, try using curl's built in cookie management system to simulate a complete user interaction. That way, you reduce the chance of making an error:
$ curl -v -c cookies.txt -b cookies.txt host.com/registrations/register/
$ curl -v -c cookies.txt -b cookies.txt -d "email=user@site.com&a=1&csrfmiddlewaretoken=<token from cookies.txt>" host.com/registrations/register/
The first curl simulates the user first arriving at the page with a GET request, and all the necessary cookies are saved. The second curl simulates filling in the form fields and sending them as a POST. Note that you have to include the csrfmiddlewaretoken field in the POST data, as suggested by Damien.
这篇关于如何使用curl与Django,csrf令牌和POST请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
