CSRF Failed: CSRF token missing or incorrect

前端 未结 12 728
臣服心动
臣服心动 2020-11-29 02:42

I\'m using Django 1.7 and django-rest-framework.

I made an API that returns me some JSON data putting this in my settings.py

REST_FRAMEW         


        
相关标签:
12条回答
  • 2020-11-29 03:20
    // USING AJAX TO UPDATE DATABASE THROUGH REST API
    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie !== '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                if (cookie.substring(0, name.length + 1) === (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }
    
    var csrftoken = getCookie('csrftoken');
    
    function csrfSafeMethod(method) {
        // these HTTP methods do not require CSRF protection
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }
    
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        }
    });
    
    0 讨论(0)
  • 2020-11-29 03:21

    The easiest way to solve this error, I found on here. It works for me perfectly.

    Steps:

    Inherit the SessionAuthentication class:

    from rest_framework.authentication import SessionAuthentication, BasicAuthentication 
    
    class CsrfExemptSessionAuthentication(SessionAuthentication):
    
        def enforce_csrf(self, request):
            return  # To not perform the csrf check previously happening
    

    Then in the APIView you have created, do this:

    class Object(APIView):
        authentication_classes = (CsrfExemptSessionAuthentication, BasicAuthentication)
    
        def post(self, request, format=None):
    

    This will keep you logged-in and your CSRF token will no longer be checked for this APIView.

    0 讨论(0)
  • 2020-11-29 03:22

    I think it is a cookie issue.

    Permanent Solution: If you are using Postman, First, clear the existing cookies by clicking 'X' s. Then add correct cookie.

    Temporary Solution (for debugging): Try this in your settings.py:

    'DEFAULT_AUTHENTICATION_CLASSES': [
        # 'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ]
    
    0 讨论(0)
  • 2020-11-29 03:26

    This is what i did to solve it, i included csrf token to the form and using jquery/ javascrip got the csrf token like this when document loaded

    var $crf_token = $('[name="csrfmiddlewaretoken"]').attr('value');
    

    the included it on jquery headers as follow

     $.ajax({
                type: "POST",
                url: "/api/endpoint/",
                data: newEndpoint,
                headers:{"X-CSRFToken": $crf_token},
                success: function (newEnd) {
                    console.log(newEnd);
                    add_end(newEnd);
                },
                error: function () {
                    alert("There was an error")
                }
            });
    
    0 讨论(0)
  • 2020-11-29 03:26

    I had a similar problem where I'd wrapped the views with csrf_exempt and was still encountering errors. It turned out that I was getting the URL wrong, so it was resolved to a "not found" callback (which wasn't exempt from CSRF) and was hence throwing an exception before I could be told that the URL was wrong.

    0 讨论(0)
  • 2020-11-29 03:29

    Get token from cookie:

    function readCookie(name) {
        var nameEQ = name + "=";
        var ca = document.cookie.split(';');
        for(var i=0;i < ca.length;i++) {
            var c = ca[i];
            while (c.charAt(0)==' ') c = c.substring(1,c.length);
            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
        }
        return null;
    }
    
    var csrftoken = readCookie('csrftoken');
    

    Send token in headers POST request:

      this.$http.post(server,{params: {foo: 'bar'}}, {headers: {"X-CSRFToken":csrftoken }}).then(function (response) {
                this.response = response.data;
            },
            function (response) {
                console.log(response);
            });
    
    0 讨论(0)
提交回复
热议问题