在 DRF api 上使用 axios 响应请求会抛出错误 Forbidden(未设置 CSRF cookie。)
React requests with axios on DRF api throws error Forbidden (CSRF cookie not set.)
这是我的 React Js 代码:
export function loginUser({ email, password }, history) {
return (dispatch) => {
axios({
url: URL_LOGIN_BASE,
method: "POST",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*"
},
// withCredentials: true,
data: { "email": email, "password": password }
}).then(response => {
dispatch(setAuthentification(true));
history.push("/dashboard");
console.log(response);
}).catch(err => {
console.log(err);
});
};
}
这是我的服务器配置 (settings.py):
ALLOWED_HOSTS = [
"127.0.0.1",
"localhost",
"192.168.0.1",
"mockbic.spnnjy4rjm.eu-west-3.elasticbeanstalk.com"
]
CORS_ORIGIN_WHITELIST = (
'localhost:3000',
'127.0.0.1:3000',
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'Access-Control-Allow-Origin',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'mock-bic-token', # IMPORTANT
)
# Application definition
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"storages",
"datacollection.apps.DatacollectionConfig",
"corsheaders",
]
所以我有后端错误:禁止(未设置 CSRF cookie。):/
backend error
请问这个问题是最新的,但尝试过的所有解决方案都不能解决我的问题...帮助!
您需要在请求中添加 csrf 令牌 headers。
export function loginUser({ email, password }, history) {
return (dispatch) => {
axios({
url: URL_LOGIN_BASE,
method: "POST",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*",
"X-CSRFToken" : "TOKEN FROM YOUR COOKIES"
},
// withCredentials: true,
data: { "email": email, "password": password }
}).then(response => {
dispatch(setAuthentification(true));
history.push("/dashboard");
console.log(response);
}).catch(err => {
console.log(err);
});
// 下面的函数 returns 来自 cookie 的 csrftoken。
export const getCsrfToken = () => {
const csrf = document.cookie.match('(^|;)\s*csrftoken\s*=\s*([^;]+)');
return csrf ? csrf.pop() : '';
};
这是我的 React Js 代码:
export function loginUser({ email, password }, history) {
return (dispatch) => {
axios({
url: URL_LOGIN_BASE,
method: "POST",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*"
},
// withCredentials: true,
data: { "email": email, "password": password }
}).then(response => {
dispatch(setAuthentification(true));
history.push("/dashboard");
console.log(response);
}).catch(err => {
console.log(err);
});
};
}
这是我的服务器配置 (settings.py):
ALLOWED_HOSTS = [
"127.0.0.1",
"localhost",
"192.168.0.1",
"mockbic.spnnjy4rjm.eu-west-3.elasticbeanstalk.com"
]
CORS_ORIGIN_WHITELIST = (
'localhost:3000',
'127.0.0.1:3000',
)
CORS_ALLOW_HEADERS = (
'accept',
'accept-encoding',
'Access-Control-Allow-Origin',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'mock-bic-token', # IMPORTANT
)
# Application definition
INSTALLED_APPS = [
"django.contrib.admin",
"django.contrib.auth",
"django.contrib.contenttypes",
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"storages",
"datacollection.apps.DatacollectionConfig",
"corsheaders",
]
所以我有后端错误:禁止(未设置 CSRF cookie。):/
backend error
请问这个问题是最新的,但尝试过的所有解决方案都不能解决我的问题...帮助!
您需要在请求中添加 csrf 令牌 headers。
export function loginUser({ email, password }, history) {
return (dispatch) => {
axios({
url: URL_LOGIN_BASE,
method: "POST",
headers: {
"Content-Type": "application/json",
"Access-Control-Allow-Origin": "*",
"X-CSRFToken" : "TOKEN FROM YOUR COOKIES"
},
// withCredentials: true,
data: { "email": email, "password": password }
}).then(response => {
dispatch(setAuthentification(true));
history.push("/dashboard");
console.log(response);
}).catch(err => {
console.log(err);
});
// 下面的函数 returns 来自 cookie 的 csrftoken。
export const getCsrfToken = () => {
const csrf = document.cookie.match('(^|;)\s*csrftoken\s*=\s*([^;]+)');
return csrf ? csrf.pop() : '';
};