csrf从节点js到django的问题 [英] csrf issue from node js to django
问题描述
我想将csrftoken从node.js传递给django。我的server.js中有这个代码
socket.on('unread global', function (data) {
var values=querystring.stringify();
var options = {
hostname:'localhost',
port:'8000',
path:'/chat/global_unread/',
method:'POST',
headers:{
'Content-Type':'application/x-www-form-urlencoded',
'Cookie': 'csrftoken=' + data.csrf,
'Content-Length':values.length
}
}
我的数据来自调用我的server.js的jQuery函数
var datos = { // datos is the data that will be send to Node.js
user: USER_PK_CHAT,
csrf : window.CSRF_TOKEN
};
socket.emit('unread global', datos);
但是最后我总是在我的控制台中收到相同的错误
或失败:
CSRF token missing or incorrect.
一般来说,当有真正的跨站点请求伪造或
In general, this can occur when there is a genuine Cross Site Request Forgery, or when
对于POST表单,您需要
确保:
For POST forms, you need to ensure:
您的浏览器正在接受Cookie ...等等
可以帮助我吗?
Your browser is accepting cookies... so on can sombody help me?
推荐答案
CSRF中间件查找以下COOKIE:
The CSRF middleware looks for the following COOKIE:
request.COOKIES[settings.CSRF_COOKIE_NAME]
并将其与POST csrfmiddlewaretoken进行比较。
And compare it to the POST csrfmiddlewaretoken.
因此,您必须确保对节点的调用在以下位置设置正确的Cookie名称:
So you have to make sure that the call to node sets the correct cookie name in:
'Cookie': 'csrftoken=' + data.csrf`
此外,POST包含一个 csrfmiddlewaretoken
。在javascript中访问COOKIE是安全的,并将其作为正确的令牌发送,只需确保使用CSRF_COOKIE_SECURE。更好的方法通常是让django将令牌作为输入字段,并单独设置cookie。
And also, that the POST includes a csrfmiddlewaretoken
. It's safe to access the COOKIE in javascript and send it as the correct token, just make sure you use CSRF_COOKIE_SECURE. The better way is usually to let django put the token as an input field, and set the cookie separately.
这篇关于csrf从节点js到django的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!