AngularJS rest API调用Django,获取作品,但禁止发布
我有一个AngularJS前端和一个Django后端 前端使用以下两个$http调用调用后端:AngularJS rest API调用Django,获取作品,但禁止发布,angularjs,django,rest,django-rest-framework,Angularjs,Django,Rest,Django Rest Framework,我有一个AngularJS前端和一个Django后端 前端使用以下两个$http调用调用后端: athleticsApp.controller('athletesListController', ['$scope', '$http', function($scope, $http) { $scope.athletes = []; $scope.getAthletes = function(){ $http .get('http://ser
athleticsApp.controller('athletesListController', ['$scope', '$http', function($scope, $http) {
$scope.athletes = [];
$scope.getAthletes = function(){
$http
.get('http://serverip:8666/athletics/athletes/')
.success(function(result) {
$scope.athletes = result;
})
.error(function(data, status) {
console.log(data);
console.log(status);
});
}
$scope.init = function() {
$scope.getAthletes();
}
$scope.init();
}]);
athleticsApp.controller('athleteNewController', ['$scope', '$http', function($scope, $http) {
$scope.athlete = {
firstName : '',
lastName : ''
};
$scope.postNewAthlete = function(){
$http
.post('http://serverip:8666/athletics/athletes/', $scope.athlete)
.success(function(result) {
// set url fraction identifier to list athletes
})
}
}]);
GET呼叫是成功的。POST调用生成以下错误:
403号岗位(禁止)
为什么会产生错误
Django代码如下所示:
url.py
from django.conf.urls import patterns, url
from views import Athletes
urlpatterns = [
url(r'^athletes/', Athletes.as_view()),
]
views.py
from rest_framework.response import Response
from rest_framework.views import APIView
from .models import Athlete
from django.shortcuts import get_object_or_404, render
from athletics.serializers import AthleteSerializer
class Athletes(APIView):
def get(self, request, format=None):
all_athletes = Athlete.objects.all()
serializer = AthleteSerializer(all_athletes, many=True)
return Response(serializer.data)
def post(self, request, format=None):
serializer = AthleteSerializer(data=request.data)
if serializer.is_valid(raise_exception=True):
creation_data = serializer.save()
return Response()
序列化程序.py
class AthleteSerializer(serializers.ModelSerializer):
class Meta:
model = Athlete
fields = (
'first_name',
'last_name'
)
设置.py
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'characters'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
INTERNAL_IPS = (
'myip'
)
CORS_ORIGIN_ALLOW_ALL = True
ALLOWED_HOSTS = []
# Application definition
REQUIRED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# Third party apps
'rest_framework',
)
PROJECT_APPS = (
# This project
'athletics',
'testetics',
)
INSTALLED_APPS = REQUIRED_APPS + PROJECT_APPS
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'corsheaders.middleware.CorsMiddleware',
)
ROOT_URLCONF = 'mysitedjango.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'mysitedjango.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Europe/Stockholm'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'
编辑:我添加了设置。py添加:
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'characters'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
INTERNAL_IPS = (
'myip'
)
CORS_ORIGIN_ALLOW_ALL = True
ALLOWED_HOSTS = []
# Application definition
REQUIRED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
# Third party apps
'rest_framework',
)
PROJECT_APPS = (
# This project
'athletics',
'testetics',
)
INSTALLED_APPS = REQUIRED_APPS + PROJECT_APPS
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'corsheaders.middleware.CorsMiddleware',
)
ROOT_URLCONF = 'mysitedjango.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'mysitedjango.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'Europe/Stockholm'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.8/howto/static-files/
STATIC_URL = '/static/'
@api_view(['POST', 'GET'])
就在运动员上课之前。如果使用基于会话的身份验证,则需要确保发送CSRF Django文档对如何操作有完整的解释:
请注意,必须有angular插件已经处理了这个问题,尽管我没有推荐angular插件,因为我的API没有使用angular插件。您能发布您得到的完整错误吗? Django通常会告诉您拒绝请求的原因 如果问题是CSRF,请查看:
这解决了我访问django后端的问题 当您使用APIView时,不需要指定该值。您的设置如何?你能提供
DEFAULT\u PERMISSION\u CLASSES
和DEFAULT\u AUTHENTICATION\u CLASSES
吗?@DevilPinky:我以前没听说过。我没有在我的settings.py中输入这些设置,所以我想我有默认值。你能发布它们吗?@DevilPinky:当然,我已经将设置文件添加到了我的原始帖子中。我不知道如何从该站点添加CSFR令牌。我如何设置Django?如何将其添加到AngularJS中的post请求中?在您的设置中有“django.middleware.csrf.CsrfViewMiddleware”,它使用cookies启用csrf。在angularjs方面,只需添加链接中的代码。如果您可以检查并发布从后端得到的响应,这将非常有用,因为django通常会告诉您为什么它不接受您的请求。我已经做了一些修改,但不知道我做了哪些相关的更改。浏览器中的错误消息已更改为:400(错误请求),后端现在接收该请求,但由于某些原因,serializer.is_valid()为FALSE,因此未存储该请求。因此,也许我应该结束这个问题,因为未知原因可能与我的代码或服务器(由其他人维护)有关,我仍然有问题,但我的问题已发生变化。如果您现在收到错误的请求,您的访问问题似乎已得到修复。因为服务器正在处理您的请求。祝你好运解决下一个问题