Django 从tcp套接字进行CSRF验证

我有一个django网站在我的本地主机上运行。我将通过tcp套接字访问该网站，并将一些数据发布到服务器

我已成功访问该网站，但由于csrf验证，我无法将任何数据发布到服务器

我所做的是，根据从服务器获得的响应，取出csrf令牌并将其存储在字符串中，然后通过post请求进行post。但我得到了csrf验证失败的错误

如何通过tcp套接字完成发布数据的任务

我的代码如下：

#include <iostream> #include <vector> #include <boost/asio.hpp> #include <string> #include <algorithm> #include <sstream> #include <ostream> using boost::asio::ip::tcp; void getresponse(std::string request, boost::asio::streambuf& response, tcp::socket& socket); int main() { std::string hostName = "localhost"; std::string serviceName = "http"; try { boost::asio::io_service io_service; // get a list of endpoints corresponding to the server name tcp::resolver resolver(io_service); tcp::resolver::query query(hostName, serviceName); tcp::resolver::iterator endpt_iterator = resolver.resolve(query); tcp::resolver::iterator end; // try each endpoint until we successfully establish a connection tcp::socket socket(io_service); //tcp::socket socket1(io_service); boost::system::error_code error = boost::asio::error::host_not_found; while (error && endpt_iterator != end) { socket.close(); //socket1.close(); socket.connect(*endpt_iterator++, error); //socket1.connect(*endpt_iterator++, error); } if (error) { std::cout << "Error connecting.. \n"; throw boost::system::system_error(error); } // we secify "Connection:close" header and thus the server closes after the response has been send. // this will allow us to treat all data up untill the EOF as the content //boost::asio::streambuf request; //std::ostream request_stream(&request); std::string requeststr = "GET "; requeststr+="/ HTTP/1.0\r\nUser-Agent: bibek\r\nHost: localhost\r\nAccept: text/html\r\nConnection: Keep-Alive\r\n\r\n"; boost::asio::streambuf response; std::string responseString, code; getresponse(requeststr, response, socket); std::istream response_stream(&response); while(!std::getline(response_stream, responseString).eof()) { //std::cout << responseString << std::endl; if(responseString.find("csrfmiddlewaretoken")!=std::string::npos) { // this one is for finding the value of csrf token int pos1 = responseString.find("value"); code = responseString.substr(pos1); pos1 = code.find("\'"); code = code.substr(pos1+1); pos1 = code.find("\'"); code = code.substr(0,pos1); std::cout << code << std::endl; } } requeststr = "POST "; requeststr+="/ HTTP/1.1\r\nUser-Agent: bibek\r\nHost: localhost\r\nAccept: text/html\r\n"; requeststr+= "Content-Type: application/x-www.form-urlencoded\r\nConnection: Keep-Alive\r\n\r\n"; requeststr+="&csrfmiddlewaretoken="+code+"name=bibek&email=pandey&comment=thisisnice"; boost::asio::streambuf response1; getresponse(requeststr, response1, socket); std::istream response_stream1(&response1); while(!std::getline(response_stream1, responseString).eof()) { std::cout << responseString << std::endl; } // read until EOF, witing data to output as we go. while (boost::asio::read(socket, response, boost::asio::transfer_at_least(1), error)) std::cout << &response; if (error != boost::asio::error::eof) { std::cout << "Error!!!!\n"; throw boost::system::system_error(error); } } catch (std::exception & e) { std::cout << "Exception: " << e.what() << "\n"; } return 0; } void getresponse(std::string requeststr, boost::asio::streambuf& response, tcp::socket& socket) { char * testchar = new char[requeststr.length() + 1]; strcpy(testchar, requeststr.c_str()); // send the request boost::asio::write(socket, boost::asio::buffer(testchar, requeststr.length()+1)); // read the response until the end. boost::asio::read_until(socket, response, "</html>"); }

---

在这里，我第一次从服务器得到响应，我可以找到csrf令牌。但是，下一次我发送Postor Get请求时，我会收到文件结束异常，尽管该连接将保持活动状态。我想在下一个请求中发布csrf令牌。

您能提供一些示例代码吗？它可能很简单，比如你用错误的名称发送csrftoken我添加了一个示例代码。我不是专家，但你的代码似乎足够合理。您是否仔细检查了提取CSRF令牌的代码是否正常工作？如果是这样，那么您必须进入Django代码，以确保收到的表单数据是您期望的。您可以通过在django安装的视图代码中放入一条语句来实现这一点