2016-08-24 139 views
3

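I have set window.CSRF_TOKEN = "{{ csrf_token }}" inside a script tag in restaurant_detail.html, where my React page for posting reviews is rendered. However, I am getting an error. In my onSubmit function I logged to the console to check whether the CSRF token is being passed, and it is. The error detail is: "CSRF Failed: CSRF token missing or incorrect."

My axios code for posting the review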

onSubmit(props){
    console.log('csrf', CSRF_TOKEN);
    axios({
        method: 'POST',
        url: '/api/review/create/',
        headers: {
            'X-CSRF-Token': CSRF_TOKEN,
            //'Access-Control-Allow-Origin':'*',
            'Accept': 'application/json',
            'Content-Type': 'application/json',
        },
        data: {
            review: props.review
        }
    })
    .then(response => {
        console.log('success');
    })
    .catch(error => {
        // Log the failure, then rethrow the original error object
        console.error('Error: ', error);
        throw error;
    });
}

API/Views.py

class ReviewCreateAPIView(CreateAPIView):
    queryset = Review.objects.all()
    # permission_classes = [IsAuthenticated]

    def get_serializer_class(self):
        model_type = self.request.GET.get('type')
        slug = self.request.GET.get('slug')
        parent_id = self.request.GET.get('parent_id')
        return create_review_serializer(model_type=model_type, slug=slug, parent_id=parent_id, reviewer=self.request.user)

serializers.py

def create_review_serializer(model_type='restaurant', slug=None, parent_id=None, reviewer=None):
    class ReviewCreateSerializer(ModelSerializer):
        class Meta:
            model = Review
            fields = ('id', 'review', 'created',)

        def __init__(self, *args, **kwargs):
            self.model_type = model_type
            self.slug = slug
            self.parent_obj = None
            if parent_id:
                parent_qs = Review.objects.filter(id=parent_id)
                if parent_qs.exists() and parent_qs.count() == 1:
                    self.parent_obj = parent_qs.first()
            return super(ReviewCreateSerializer, self).__init__(*args, **kwargs)

        def validate(self, data):
            model_type = self.model_type
            model_qs = ContentType.objects.filter(model=model_type)
            if not model_qs.exists() or model_qs.count() != 1:
                raise ValidationError('This is not a valid content type')
            SomeModel = model_qs.first().model_class()
            obj_qs = SomeModel.objects.filter(slug=self.slug)  # Restaurant.objects.filter(slug=self.slug)
            if not obj_qs.exists() or obj_qs.count() != 1:
                raise ValidationError('This is not a slug for this content type')
            return data

        def create(self, validated_data):
            review = validated_data.get('review')
            print('review', review)
            if reviewer:
                main_reviewer = reviewer
            else:
                main_reviewer = User.objects.all().first()
            model_type = self.model_type
            slug = self.slug
            parent_obj = self.parent_obj
            review = Review.objects.create_for_model_type(model_type, slug, review, main_reviewer, parent_obj=parent_obj)
            return review

    return ReviewCreateSerializer

urls.py

restaurant_detail.html

<div id="app"></div> 
<script type="text/javascript"> window.CSRF_TOKEN = "{{ csrf_token }}"; </script> 

How can I solve this issue?

Answers

1

You have made a simple mistake. There is a typo. Do not replace

'X-CSRFToken'

'X-CSRFToken'

, if you have the correct code, then it should post your data.

+0

Oh yes! It really solved the issue. Thanks for your answer. – pythonBeginner

0

I am not familiar with axios, but I solved a similar problem using the code below with jQuery:

$.ajaxSetup({
    data: {
        csrfmiddlewaretoken: '{{ csrf_token }}'
    },
});
0

You have to set the header of the AJAX call with the cookie value.

$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        function getCookie(name) {
            var cookieValue = null;
            if (document.cookie && document.cookie != '') {
                var cookies = document.cookie.split(';');
                for (var i = 0; i < cookies.length; i++) {
                    var cookie = jQuery.trim(cookies[i]);
                    // Does this cookie string begin with the name we want?
                    if (cookie.substring(0, name.length + 1) == (name + '=')) {
                        cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                        break;
                    }
                }
            }
            return cookieValue;
        }
        if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
            // Only send the token to relative URLs i.e. locally.
            xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
        }
    }
});
+0

But I am using axios. Do I need to do the same thing for axios? – pythonBeginner
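
An added example, not code from any poster in this thread: the same cookie-to-header logic as the jQuery answer, written as library-independent functions that can be wired into axios. It assumes Django's default settings (cookie `csrftoken`, header `X-CSRFToken`); the function names `getCookie`, `isSafeMethod` and `csrfHeaders` are hypothetical.

```javascript
// Added example (assumes Django defaults). Django reads the token from
// HTTP_X_CSRFTOKEN, i.e. the request header "X-CSRFToken". A header named
// "X-CSRF-Token" arrives as HTTP_X_CSRF_TOKEN and is not checked by default.
const CSRF_COOKIE = 'csrftoken';   // Django default CSRF_COOKIE_NAME
const CSRF_HEADER = 'X-CSRFToken'; // matches default CSRF_HEADER_NAME

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const cookie = part.trim();
    if (cookie.startsWith(name + '=')) {
      return decodeURIComponent(cookie.slice(name.length + 1));
    }
  }
  return null;
}

// Django does not require a CSRF token for these methods.
function isSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Return the headers to add to a request, or {} when no token should be sent.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  if (isSafeMethod(method)) return {};
  const target = new URL(url, pageOrigin);     // resolves relative URLs
  if (target.origin !== pageOrigin) return {}; // keep the token same-origin
  const token = getCookie(cookieString, CSRF_COOKIE);
  return token ? { [CSRF_HEADER]: token } : {};
}

// Browser wiring (assumes axios is loaded on the page):
//   axios.interceptors.request.use(config => {
//     Object.assign(config.headers,
//       csrfHeaders(config.method, config.url, location.origin, document.cookie));
//     return config;
//   });
// axios also has built-in settings for the same purpose:
//   axios.defaults.xsrfCookieName = 'csrftoken';
//   axios.defaults.xsrfHeaderName = 'X-CSRFToken';
```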
