django中用ajax post传值会出现403错误,这是因为django会针对提交的请求进行校验。解决方法如下:
方法一
如果用jquery来处理ajax的话,Django直接给一段解决问题的代码。把它放在一个独立的js文件中,在html页面中都引入即可。注意这个js文件必须在jquery的js文件引入之后,再引入即可。官方文档链接:https://docs.djangoproject.com/en/1.10/ref/csrf/
//防止403 forbidden function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } function csrfSafeMethod(method) { // these HTTP methods do not require CSRF protection return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); } $.ajaxSetup({ beforeSend: function(xhr, settings) { var csrftoken = getCookie('csrftoken'); if (!csrfSafeMethod(settings.type) && !this.crossDomain) { xhr.setRequestHeader("X-CSRFToken", csrftoken); } } });
方法二
在处理post数据的view前加上@csrf_exmpt 装饰符
from django.views.decorators.csrf import csrf_exempt ##包装csrf请求,避免django认为其实跨站攻击脚本
@csrf_exempt def edit_view(request): if request.method == 'GET': zhibo_id = request.GET.get('id','') edite_zhibo = CreativeZhibo.objects.get(pk=zhibo_id) return render(request,'creative/materialCenterBroadcastsEdit.html',{'edite_zhibo':edite_zhibo})
来源:oschina
链接:https://my.oschina.net/u/2764829/blog/734105