AJAX 调用 returns CSRF 失败
AJAX call returns CSRF Failed
我正在 Typescript 中执行 ajax 调用,它会调用内部 Web 服务。 "GET" 的所有端点都在工作,但是 "POST" 它说
"403 Forbidden" - "detail: CSRF Failed: CSRF cookie not set"
我尝试解决的问题:
- Followed https://docs.djangoproject.com/ko/1.11/ref/csrf/
- Tryed to delete 'django.middleware.csrf.CsrfViewMiddleware'
- Tryed @csrf_exempt
这一切都不起作用,每次仍然出现相同的错误。
这是我在 Typescript 中的代码:
sendMessage(message, receiverId){
let self = this;
var message_obj = "{\"id\":\""+ GUID.generateGUID() +"\",\"message\":\""+ message +"\",\"receiverId\":\""+ receiverId + "\",\"moddate\":\""+ Date.now() +"\"}";
var message_json = JSON.parse(message_obj);
$.ajax({
type: "POST",
url: "/chat/message/",
data:{"message_object":message_json},
credentials: 'same-origin',
success: function (response) {
alert(response);
},
error: function (jqXHR, textStatus, errorThrown) {
alert(errorThrown);
}
})
}
这是工作 ajax 调用的示例:
getMessages(){
let self = this;
$.ajax({
type: "GET",
url: "/chat/message/",
dataType: "json",
success: function (response) {
response = JSON.stringify(response);
alert(response);
},
error: function(jqXHR, textStatus, errorThrown){
alert(errorThrown);
}
})
}
编辑:
这是我尝试使用的地方 csrf_exempt:
URLS.PY
from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt
from chat_api import views
urlpatterns = [
url(r'^message/$', csrf_exempt(views.ChatMessageAPIEndpoint.as_view())),
url(r'^message/(?P<commit>([0-9a-fA-F])+)', csrf_exempt(views.ChatMessageAPIEndpoint.as_view())),
url(r'^devicekey/(?P<devid>([\w+-:])+)', views.DeviceAPIEndpoint.as_view()),
url(r'^devicekey/$', views.DeviceAPIEndpoint.as_view()),
url(r'^contacts/$', views.ContactAPIEndpoint.as_view()),
url(r'^read/$', views.ReadStatusEndpoint.as_view()),
]
VIEWS.PY
@csrf_exempt
@need_post_parameters([PARAM_MESSAGE_OBJ])
def post(self, request, *args, **kwargs):
data = request.POST.get(PARAM_MESSAGE_OBJ)
try:
message_obj = json.loads(data)
except Exception as e:
return HttpResponseBadRequest(error_json("Could not parse JSON"))
...
我发现了错误,我会 post 在这里指出相同的错误:
我的 类 在 Views.py 中使用 "Oauth2APIView"!
将其更改为 "View" 确实解决了我的问题!
我正在 Typescript 中执行 ajax 调用,它会调用内部 Web 服务。 "GET" 的所有端点都在工作,但是 "POST" 它说
"403 Forbidden" - "detail: CSRF Failed: CSRF cookie not set"
我尝试解决的问题:
- Followed https://docs.djangoproject.com/ko/1.11/ref/csrf/
- Tryed to delete 'django.middleware.csrf.CsrfViewMiddleware'
- Tryed @csrf_exempt
这一切都不起作用,每次仍然出现相同的错误。
这是我在 Typescript 中的代码:
sendMessage(message, receiverId){
let self = this;
var message_obj = "{\"id\":\""+ GUID.generateGUID() +"\",\"message\":\""+ message +"\",\"receiverId\":\""+ receiverId + "\",\"moddate\":\""+ Date.now() +"\"}";
var message_json = JSON.parse(message_obj);
$.ajax({
type: "POST",
url: "/chat/message/",
data:{"message_object":message_json},
credentials: 'same-origin',
success: function (response) {
alert(response);
},
error: function (jqXHR, textStatus, errorThrown) {
alert(errorThrown);
}
})
}
这是工作 ajax 调用的示例:
getMessages(){
let self = this;
$.ajax({
type: "GET",
url: "/chat/message/",
dataType: "json",
success: function (response) {
response = JSON.stringify(response);
alert(response);
},
error: function(jqXHR, textStatus, errorThrown){
alert(errorThrown);
}
})
}
编辑:
这是我尝试使用的地方 csrf_exempt:
URLS.PY
from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt
from chat_api import views
urlpatterns = [
url(r'^message/$', csrf_exempt(views.ChatMessageAPIEndpoint.as_view())),
url(r'^message/(?P<commit>([0-9a-fA-F])+)', csrf_exempt(views.ChatMessageAPIEndpoint.as_view())),
url(r'^devicekey/(?P<devid>([\w+-:])+)', views.DeviceAPIEndpoint.as_view()),
url(r'^devicekey/$', views.DeviceAPIEndpoint.as_view()),
url(r'^contacts/$', views.ContactAPIEndpoint.as_view()),
url(r'^read/$', views.ReadStatusEndpoint.as_view()),
]
VIEWS.PY
@csrf_exempt
@need_post_parameters([PARAM_MESSAGE_OBJ])
def post(self, request, *args, **kwargs):
data = request.POST.get(PARAM_MESSAGE_OBJ)
try:
message_obj = json.loads(data)
except Exception as e:
return HttpResponseBadRequest(error_json("Could not parse JSON"))
...
我发现了错误,我会 post 在这里指出相同的错误:
我的 类 在 Views.py 中使用 "Oauth2APIView"! 将其更改为 "View" 确实解决了我的问题!