Django CSRF verification failed - Class based views

I am using class-based views.

import json

class UserCreate(View):
    def post(self, request):
        # Parse the JSON body; a plain Django HttpRequest has no .data attribute
        data = json.loads(request.body).get
        social_id = data('social_id')
        social_source = data('social_source')
        access_token = data('access_token')
        user = User(social_id=social_id, social_source=social_source, access_token=access_token)
        user.save()
        return JsonResponse({'response': 200})

Whenever I post data to this URL, it says CSRF token missing or incorrect.

curl -X POST --header "Content-Type: application/json" --header "Accept: application/json" -d "{
  \"social_id\": \"string\",
  \"social_source\": \"FB/Gmail\",
  \"access_token\": \"string\"
}" "http://127.0.0.1:8000/users/"

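I had this problem in function views when getting data from a form. I used to add @csrf_exempt to my view and it would work. When I add @csrf_exempt to my post method, it doesn't work. How can I post the data?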

@csrf_exempt is a decorator for functions, not for class-based views. To get CSRF exemption on a CBV, install django-braces and import CsrfExemptMixin as follows:

from braces.views import CsrfExemptMixin

And implement it this way:

import json

class UserCreate(CsrfExemptMixin, View):
    def post(self, request):
        # Parse the JSON body; a plain Django HttpRequest has no .data attribute
        data = json.loads(request.body).get
        social_id = data('social_id')
        social_source = data('social_source')
        access_token = data('access_token')
        user = User(social_id=social_id, social_source=social_source, access_token=access_token)
        user.save()
        return JsonResponse({'response': 200})

This is because class-based views need the dispatch method decorated for csrf_exempt to work.

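from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt

class UserCreate(View):
    # The exemption has to sit on dispatch, which is what as_view() calls
    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(UserCreate, self).dispatch(request, *args, **kwargs)

    def post(self, request):
        ...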

You can simply create the view from the CBV and then wrap it with the decorator like this:

user_view = csrf_exempt(UserCreate.as_view())

Full example:

views.py

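import json

from django.views.decorators.csrf import csrf_exempt

class UserCreate(View):
    def post(self, request):
        # Parse the JSON body; a plain Django HttpRequest has no .data attribute
        data = json.loads(request.body).get
        social_id = data('social_id')
        social_source = data('social_source')
        access_token = data('access_token')
        user = User(social_id=social_id, social_source=social_source, access_token=access_token)
        user.save()
        return JsonResponse({'response': 200})

# Wrap the callable returned by as_view() so the CSRF middleware sees the exemption
user_create = csrf_exempt(UserCreate.as_view())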

urls.py

from django.conf.urls import url

from myapp.views import user_create

urlpatterns = [
    ...
    url(r'^pattern-here/$', user_create, name='user-create'),
    ...
]
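
Why decorating post has no effect in the question, while decorating dispatch or wrapping as_view() works in the answers: the following is an added example, not code from the original posts and not Django's source. It is a simplified pure-Python model in which the CSRF check looks for a csrf_exempt attribute on the callable that as_view() returns; ModelView, csrf_check and status are hypothetical names, and requests are plain dicts.

```python
import functools

def csrf_exempt(func):
    """Model of the decorator: wrap the callable and flag the wrapper as exempt."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        return func(*args, **kwargs)
    wrapper.csrf_exempt = True
    return wrapper

class ModelView:  # hypothetical stand-in for a class-based view base class
    @classmethod
    def as_view(cls):
        def view(request):
            return cls().dispatch(request)
        # Attributes set on dispatch are copied to the callable handed to the URL resolver
        view.__dict__.update(cls.dispatch.__dict__)
        return view

    def dispatch(self, request):
        return getattr(self, request["method"].lower())(request)

def csrf_check(callback, request):
    """Model of the middleware: it only ever inspects the resolved callback."""
    if getattr(callback, "csrf_exempt", False) or request.get("csrf_ok"):
        return callback(request)
    return 403

class PostDecorated(ModelView):      # the question's attempt
    @csrf_exempt
    def post(self, request):
        return 200

class DispatchDecorated(ModelView):  # the dispatch answer (method_decorator omitted in this model)
    @csrf_exempt
    def dispatch(self, request):
        return super().dispatch(request)

    def post(self, request):
        return 200

class Plain(ModelView):
    def post(self, request):
        return 200

wrapped = csrf_exempt(Plain.as_view())  # the as_view() wrapping answer

def status(callback):
    """Status for a constructed POST that carries no CSRF token."""
    return csrf_check(callback, {"method": "POST"})
```
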