2014-01-07 72 views
0

Django - Ajax POST request forbidden (403) with ExtJS

I am using ExtJS to create a button that does an Ajax POST to my Django application, but the POST is blocked with a FORBIDDEN (403) error.

I tried setting a custom X-CSRFToken header to the value of the CSRF token (https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#ajax) without success.

ExtJS.js

    action = new Ext.Button({
        text: 'Ajax Test',
        handler: function() {
            // No CSRF token is sent with this POST, so Django's CsrfViewMiddleware rejects it
            Ext.Ajax.request({
                url: 'test/',
                method: 'POST',
                headers: { 'Content-Type': 'application/json' },
                params: { 'test': 'test' },
                success: function(response, opts) {
                    var obj = Ext.decode(response.responseText);
                    console.dir(obj);
                },
                failure: function(response, opts) {
                    console.log('server-side failure');
                }
            });
        }
    });

views.py, passing the CSRF token as POST data:

    from django.http import HttpResponse

    def test(request):
        print("TEST WORKING")
        # Dump the POST data that reached the view (last value per key)
        print(dict(request.POST.items()))
        return HttpResponse("")

Chrome Network tab:

Response:

CSRF verification failed. Request aborted. 

Cookies:

Request Cookies: 
csrftoken : S7uLgmhqeprWqL4NdH9mznIfpTgyM9RP 
djdt : hide 
djdttop : 30 
sessionid : sx4ukmkitqp39wvuve1a9zed2kjiwfb1 

Response Cookies: 
(empty) 

Headers:

Request URL:http://127.0.0.1:8000/basqui/layer/edit/2/test/ 
Request Method:POST 
Status Code:403 FORBIDDEN 
Request Headers 
Accept:*/* 
Accept-Encoding:gzip,deflate,sdch 
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 
Connection:keep-alive 
Content-Length:9 
Content-Type:application/x-www-form-urlencoded; charset=UTF-8 
Cookie:sessionid=sx4ukmkitqp39wvuve1a9zed2kjiwfb1; csrftoken=S7uLgmhqeprWqL4NdH9mznIfpTgyM9RP; djdttop=30; djdt=hide 
Host:127.0.0.1:8000 
Origin:http://127.0.0.1:8000 
Referer:http://127.0.0.1:8000/basqui/layer/edit/2 
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 
X-Requested-With:XMLHttpRequest 
Form Data 
test:test 
Response Headers 
Content-Type:text/html 
Date:Tue, 07 Jan 2014 16:52:15 GMT 
Server:WSGIServer/0.1 Python/2.7.5 
X-Frame-Options:SAMEORIGIN 
+0

Show us your Django view as well.. – mariodev

+0

Adding the CSRF token is the correct solution; could you please add it again, then make the request and copy/paste the POST and the response from the browser dev tools Network tab? – krs

+0

Usually, when the CSRF token is added, Ajax POSTs work. I think it is not working here because the Ajax request is initialised through ExtJS –

Answers

4
    action = new Ext.Button({
        text: 'Ajax Test',
        handler: function() {
            // Read the token Django set in the csrftoken cookie and send it as POST data
            var csrf = Ext.util.Cookies.get('csrftoken');
            Ext.Ajax.request({
                url: 'test/',
                method: 'POST',
                headers: { 'Content-Type': 'application/json' },
                params: { 'test': 'test', 'csrfmiddlewaretoken': csrf },
                success: function(response, opts) {
                    var obj = Ext.decode(response.responseText);
                    console.dir(obj);
                },
                failure: function(response, opts) {
                    console.log('server-side failure');
                }
            });
        }
    });
1

https://www.sencha.com/forum/showthread.php?134125-Django-1-3-Login-with-ExtJS-4-and-CSRF

I put this in my application launch function:

    Ext.require(["Ext.util.Cookies", "Ext.Ajax"], function() {
        // Add the CSRF token to every Ajax request as the X-CSRFToken header
        var token = Ext.util.Cookies.get('csrftoken');
        if (!token) {
            Ext.Error.raise("Missing csrftoken cookie");
        } else {
            Ext.Ajax.defaultHeaders = Ext.apply(Ext.Ajax.defaultHeaders || {}, {
                'X-CSRFToken': token
            });
        }
    });
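A refinement of the header approach above, added here as an example that is not code from the question or either answer: the token is attached only to same-origin requests with non-safe methods, which is what Django's own Ajax CSRF guidance recommends, so the token is never handed to another host. It assumes ExtJS 4's Ext.Ajax 'beforerequest' event with (conn, options); the function names are chosen here and the cookie strings used to exercise it are constructed.

```javascript
// Added example (not the question's or either answer's code): send Django's CSRF
// token only where it is needed, following Django's own Ajax CSRF guidance.
// Assumes ExtJS 4's Ext.Ajax 'beforerequest' event (conn, options); function
// names are chosen here and the cookie values used in tests are constructed.

// Read one cookie out of a document.cookie-style string, or null if absent.
function getCookie(cookieString, name) {
  var parts = cookieString ? cookieString.split(';') : [];
  for (var i = 0; i < parts.length; i++) {
    var pair = parts[i].trim();
    if (pair.indexOf(name + '=') === 0) {
      return decodeURIComponent(pair.substring(name.length + 1));
    }
  }
  return null;
}

// Methods Django's CsrfViewMiddleware does not check. An unspecified method is
// treated as unsafe: ExtJS defaults to POST when params are present, and an
// extra token on a same-origin GET is harmless.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(String(method || ''));
}

// Resolve url against the page URL and compare origins, so the token is never
// sent to another host.
function sameOrigin(url, pageUrl) {
  return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
}

// Headers to add: X-CSRFToken for same-origin unsafe requests, nothing else.
function csrfHeadersFor(cookieString, method, url, pageUrl) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageUrl)) {
    return {};
  }
  var token = getCookie(cookieString, 'csrftoken');
  if (!token) {
    throw new Error('Missing csrftoken cookie');
  }
  return { 'X-CSRFToken': token };
}

// ExtJS 4 wire-up (assumed API); only runs in a browser with Ext loaded.
if (typeof Ext !== 'undefined' && Ext.Ajax && Ext.Ajax.on) {
  Ext.Ajax.on('beforerequest', function (conn, options) {
    options.headers = Ext.apply(options.headers || {},
      csrfHeadersFor(document.cookie, options.method, options.url, location.href));
  });
}
```

If the csrftoken cookie is absent the request fails loudly in the browser instead of reaching Django and coming back as a 403, which makes the "is the cookie being set at all" case easy to spot.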