使用apollo客户端和graphene django配置CSRF令牌
在authlink标头中正确设置csrf令牌时遇到问题使用apollo客户端和graphene django配置CSRF令牌,django,csrf,apollo-client,react-apollo,graphene-python,Django,Csrf,Apollo Client,React Apollo,Graphene Python,在authlink标头中正确设置csrf令牌时遇到问题 const authLink = setContext((_, { headers }) => { const token = localStorage.getItem(AUTH_TOKEN) return { "headers": { 'X-CSRFToken' : getCookie('csrftoken'), "Authorization": t
const authLink = setContext((_, { headers }) => {
const token = localStorage.getItem(AUTH_TOKEN)
return {
"headers": {
'X-CSRFToken' : getCookie('csrftoken'),
"Authorization": token ? `JWT ${token}` : '',
...headers,
},
};
});
正在发送的请求在浏览器devtools中看起来正常,正如您在底部看到的,csrf令牌看起来正确吗?我清除了我的浏览器数据,以确保它不是旧的,但我不确定这是否有效
accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization
Connection: keep-alive
Content-Length: 505
content-type: application/json
Host: localhost:8000
Origin: http://localhost:3000
Referer: http://localhost:3000/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.63
X-CSRFToken: LsV83sz3Rb5RRIlNcRN3AgnniodwsSMpvXwMGquPGRbvoPpISfKv6MBEf86rVzVp
我在网站上看到的错误是
CSRF验证失败。请求中止
我的django服务器显示
禁止(未设置CSRF cookie)。您是否尝试安装corsheaders?或者你确定你有这个功能 函数getCookie(名称){ var-cookieValue=null; if(document.cookie&&document.cookie!=''){ var cookies=document.cookie.split(“;”); 对于(变量i=0;i