执行PUT请求时的HTTP 403 [英] HTTP 403 while executing a PUT request
问题描述
我正在创建一个django rest api,我正在尝试使用HttpUrlConnection从Android设备通过PUT请求发送JSON数据。
I am creating a django rest api, and I'm trying to send JSON data via PUT request from an Android device, using HttpUrlConnection.
URL url = new URL(myurl);
conn = (HttpURLConnection) url.openConnection();
conn.setReadTimeout(10000 /* milliseconds */);
conn.setConnectTimeout(15000 /* milliseconds */);
conn.setRequestMethod("PUT");
conn.setDoInput(true);
conn.setDoOutput(true);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setRequestProperty("Accept", "application/json");
Log.v("Apiput", MainActivity.cookieManager.getCookieStore().getCookies().get(0).toString());
conn.connect();
if(conn.getResponseCode() != 200) {
return "" + conn.getResponseCode();
}
OutputStreamWriter osw = new OutputStreamWriter(conn.getOutputStream());
osw.write(put);
osw.flush();
osw.close();`
我知道我必须发送一个csrf令牌,但我认为我已经发送了它。
通过检查我的请求中的META,我可以在标题和cookie中看到csrf标记:
I know I have to send a csrf token, but I think that I'm sending it already. By examining the META in my request I can see the csrf token both in headers and cookies:
'HTTP_COOKIE':'csrftoken = 3jLNzfLIu1P5dBH4WWwggHMH7oDQC7Rx;'
在我的Android设备中,我有一个CookieManager,表示csrf cookie具有相同的值。
And in my android device i have a CookieManager that says that the csrf cookie has the same value.
V / Apiput:csrftoken = 3jLNzfLIu1P5dBH4WWwggHMH7oDQC7Rx
我得到了403(Forbidden)除了用户之外的Http错误已经过身份验证(我可以进行GET请求)
I am getting a 403 (Forbidden) Http error besides the user is authenticated (I can make GET Requests)
[26 / Sep / 2015 00:16:04 ]PUT / api / works / 34 / HTTP / 1.1403 58
使用curl我可以毫无问题地发送请求,使用相同的用户凭证。
With curl I am able to send the request without any problem, with the same user credentials.
我想知道是否有人可以告诉我我做错了什么。
I wonder if anyone can tell me what am I doing wrong.
谢谢。
推荐答案
如果您正在对Django REST框架进行JSON调用,则不必设置cookie。
如果你能提供与视图相关的权限,它肯定会有所帮助。
You don't have to set the cookie if you're doing a JSON call to Django REST framework. It would definitively help if you can provide the permissions associated to the view.
这篇关于执行PUT请求时的HTTP 403的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
