Does SessionAuthentication work in Tastypie for HTTP POST?
Question
I am able to do GET to work with SessionAuthentication and Tastypie without setting any headers except for content-type to application/json. HTTP POST however just fails even though the Cookie in the Header has the session id. It fails with a 401 AuthorizationHeader but it has nothing to do with Authorization. Changing SessionAuthentication to BasicAuthentication and passing username/password works too.
Has anyone ever got SessionAuthentication to work with POST with Tastypie?
Recommended answer
Yes I have gotten it to work. All you need to do is to pass the csrf token:
SessionAuthentication
This authentication scheme uses the built-in Django sessions to check if a user is logged. This is typically useful when used by Javascript on the same site as the API is hosted on.
It requires that the user has logged in & has an active session. They also must have a valid CSRF token.
This is how you do that in jQuery:
// sending a csrftoken with every ajax request
function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
    crossDomain: false, // obviates need for sameOrigin test
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type)) {
            // $.cookie() comes from the jquery-cookie plugin
            xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
        }
    }
});
$.ajax({
    type: "POST",
    // ...
});
Notice the part that says $.cookie('csrftoken'). It gets the csrf token from a cookie that Django sets.
I had some problems with Django not setting the cookie on Firefox and Opera. Putting the template tag {% csrf_token %} in your template solves this. The right solution would probably be to use the decorator ensure_csrf_cookie().
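Added example, not part of the original answer: a dependency-free version of the same header logic that reads csrftoken without the $.cookie plugin, skips cross-origin targets so the token is never sent off-site, and fails loudly when Django has not set the cookie. The function names and the sample cookie and origin values are constructed for illustration.

```javascript
// Added example: readCookie, isSameOrigin and csrfHeaders are illustrative names.

// Methods Django's CSRF middleware does not check.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// Parse one cookie out of a document.cookie-style string ("a=1; b=2").
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// True when targetUrl (absolute or relative) resolves to pageOrigin.
function isSameOrigin(targetUrl, pageOrigin) {
  return new URL(targetUrl, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Build the extra headers for a request. Throws when an unsafe same-origin
// request has no csrftoken cookie, i.e. the case where Django never set it.
function csrfHeaders(method, targetUrl, pageOrigin, cookieString) {
  if (SAFE_METHODS.test(method)) return {};
  // Never attach the token to a cross-origin request: that would disclose it.
  if (!isSameOrigin(targetUrl, pageOrigin)) return {};
  const token = readCookie(cookieString, "csrftoken");
  if (!token) {
    throw new Error("csrftoken cookie missing; the page must set it " +
                    "(ensure_csrf_cookie or {% csrf_token %})");
  }
  return { "X-CSRFToken": token, "Content-Type": "application/json" };
}

// Constructed sample values, not taken from the page.
const SAMPLE_COOKIES = "sessionid=abc123; csrftoken=tok%2D456";
const SAMPLE_ORIGIN = "https://app.example.test";

// In a browser: fetch(url, { method: "POST", credentials: "same-origin",
//   headers: csrfHeaders("POST", url, location.origin, document.cookie), body })
```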