2017-01-11 94 views
0

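CSRF failed: CSRF token missing or incorrect after upgrading from 1.8 to Django 1.10

I sent a POST request to the API via AJAX (the current page and the API are both on the same host). I get a "csrf failed: csrf token missing or incorrect" error. This started happening when I upgraded from 1.8 to Django 1.10. I checked with Django 1.9, and the error is still present in 1.9. Below is the detailed curl: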

curl 'https://tru-staging.com/pagemaker/api/v1/carousel/slide/' -H 'Pragma: no-cache' -H 'Origin: https://tru-staging.com' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8,ar;q=0.6' -H 'Authorization: Token undefined' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' -H 'Cache-Control: no-cache' -H 'X-CSRFToken: UMQPAIb1OTl7MyiQLJttdKE8xOLz35pMaHeNGMMDqy0Jn3x8SpbaEUmzOQk7Fppr' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36' -H 'Cookie: _ga=GA1.2.2131330908.1484113382; sessionid=nnxqi67j18tblt985vayyz4ssyhdnfjm; csrftoken=o6gjW1Sxb1X23hI9RurDIAXjSuEbbgbMQJtMQyS2gT1yTnCGF80rmmB8pwSOSKKj' -H 'Connection: keep-alive' -H 'Referer: https://tru-staging.com/68/school_landing/' --data-binary '{"order":4,"carousel":736}' --compressed

Answer

0

The X-CSRFToken header does not match the csrftoken cookie value in the command line above. The specific error message comes from:

https://github.com/django/django/blob/master/django/middleware/csrf.py#L313

This indicates that the CSRF tokens really do not match.

+0

What is causing this? – sachitad

+0

How are you setting X-CSRFToken before making the AJAX call? I assume you have a getCookie() function to grab it? – Scovetta

+0

I do. This is how I set the header: https://gist.github.com/sachitad/793b96e56ca719f77bae687085bcd99a – sachitad
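
Added example, not part of the original thread and not Django's own code: from Django 1.10 onward a CSRF token is a 32-character salt followed by the 32-character secret ciphered with that salt, so a header and a cookie can differ as strings while carrying the same secret. The stand-alone re-implementation below (function names are assumptions) unmasks the two values from the curl command in the question and compares the underlying secrets.

```python
# Illustrative re-implementation of the token masking introduced in Django 1.10.
# Runs without Django; mask_secret/unmask_token/tokens_match are assumed names.
import hmac
import string

CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH


def mask_secret(secret, salt):
    """Return salt + ciphered secret, the 64-character form sent to clients."""
    chars = CSRF_ALLOWED_CHARS
    ciphered = "".join(
        chars[(chars.index(s) + chars.index(k)) % len(chars)]
        for s, k in zip(secret, salt)
    )
    return salt + ciphered


def unmask_token(token):
    """Recover the 32-character secret from a 64-character masked token."""
    chars = CSRF_ALLOWED_CHARS
    if len(token) != CSRF_TOKEN_LENGTH or any(c not in chars for c in token):
        raise ValueError("not a masked CSRF token")
    salt, ciphered = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    return "".join(
        chars[(chars.index(c) - chars.index(k)) % len(chars)]
        for c, k in zip(ciphered, salt)
    )


def tokens_match(header_value, cookie_value):
    """Compare the unmasked secrets in constant time; malformed input fails."""
    try:
        a, b = unmask_token(header_value), unmask_token(cookie_value)
    except ValueError:
        return False
    return hmac.compare_digest(a, b)


# Values copied from the curl command in the question.
HEADER = "UMQPAIb1OTl7MyiQLJttdKE8xOLz35pMaHeNGMMDqy0Jn3x8SpbaEUmzOQk7Fppr"
COOKIE = "o6gjW1Sxb1X23hI9RurDIAXjSuEbbgbMQJtMQyS2gT1yTnCGF80rmmB8pwSOSKKj"

if __name__ == "__main__":
    print("header secret:", unmask_token(HEADER))
    print("cookie secret:", unmask_token(COOKIE))
    print("match:", tokens_match(HEADER, COOKIE))
```

For these two values the unmasked secrets differ, so the request is rejected because the header carries a token issued for a different secret than the one in the cookie, not merely because the strings look different.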
