jQuery：设置用于Django的CSRF令牌不工作 [英] jQuery: setting up CSRF token for Django not working

问题描述

我的 jQuery 函数看起来像

$(function() {
    // activate "New" buttons if input is not empty
    $('form input[type="text"]').live('keyup', function() {
        var val = $.trim(this.value);
        $(this).next("button").prop('disabled', val.length === 0);
    });

    $("body").on("submit","form",function(e){
        // do not submit the form
        e.preventDefault();

        // handle everything yourself
        var $form = $(this);
        var title = $form.closest('.video-detail').find('.title').text();
        var entryTitle = $form.find('.input-small').val();
        console.debug(title);
        console.debug(entryTitle);  

        $.ajaxSetup({ 
             beforeSend: function(xhr, settings) {
                 function getCookie(name) {
                     var cookieValue = null;
                     if (document.cookie && document.cookie != '') {
                         var cookies = document.cookie.split(';');
                         for (var i = 0; i < cookies.length; i++) {
                             var cookie = jQuery.trim(cookies[i]);
                             // Does this cookie string begin with the name we want?
                         if (cookie.substring(0, name.length + 1) == (name + '=')) {
                             cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                             break;
                         }
                     }
                 }
                 return cookieValue;
                 }
                 if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                     // Only send the token to relative URLs i.e. locally.
                     xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
                 }
             } 
        }); 

        // send the data to the server using .ajax() or .post()
        $.ajax({
            type: 'POST',
            url: 'addVideo',
            data: {
                video_title: title,
                csrfmiddlewaretoken: '{{ csrf_token }}'
                },
        }).done(function(){
            alert('done');
        });
    });
});

这是基于答案 Django CSRF检查失败，使用Ajax POST请求

我的 html 看起来像

<form class="new-playlist form-inline" onclick="event.stopPropagation()">{% csrf_token %}
    <input type="text" class="input-small">
    <button class="btn btn-danger create-playlist-button" type="submit" disabled="disabled">New</button>
</form>

当我在Firefox中调试代码时，我看到帖子值为

When I debug the code in Firefox, I see post values as

csrfmiddlewaretoken {{ csrf_token }}
video_title The Who - Who Are You?

如何填充 {{csrf_token}} 值？

谢谢

推荐答案

在我的情况下有一个模板，我不想要一个< form>< / form> 元素。但是我仍然想使用jQuery来制作AJAX POST请求。

In my case I have a template in which I don't want to have a <form></form> element. But I still want to make AJAX POST requests using jQuery.

由于CSRF cookie为null，因此我有403个错误，即使我遵循django文档（ https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/ ）。解决方案在同一页面，提到 ensure_csrf_cookie 装饰器。

I got 403 errors, due to CSRF cookie being null, even if I followed the django docs (https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/). The solution is in the same page, mentioning the ensure_csrf_cookie decorator.

我添加了CSRF cookie这在我的 views.py 的顶部：

My CSRF cookie did get set when I added this at the top of my views.py:

from django.views.decorators.csrf import ensure_csrf_cookie
@ensure_csrf_cookie

另请注意，在这种情况下您不需要标记/模板中的DOM元素： {％csrf_token％}

Also, please note that in this case you do not need the DOM element in your markup / template: {% csrf_token %}

这篇关于jQuery：设置用于Django的CSRF令牌不工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！