无法登录Angular2/Django rest框架
我将会话身份验证与以下Angular 2服务方法一起使用无法登录Angular2/Django rest框架,django,angular,authentication,django-rest-framework,Django,Angular,Authentication,Django Rest Framework,我将会话身份验证与以下Angular 2服务方法一起使用 login(username : string, password : string) { var data = { username: username, password: password } return this.http.post(environment.apiEndpoint + 'login', data) .catch((error) => {
login(username : string, password : string) {
var data = {
username: username,
password: password
}
return this.http.post(environment.apiEndpoint + 'login', data)
.catch((error) => {
return Observable.throw(error.json());
});
}
结果:响应在标头setcookie值中包含csrftoken和sessionid,但被angular忽略
使用凭据添加会导致CSRF无效令牌错误
如何使用Angular 2和Django rest框架以及会话身份验证方案登录?提前通知 我将Django session auth与Angular2一起使用,如下所示:
loginUser (credentials: any): Observable<Profile> {
let headers = new Headers({ 'Content-Type': 'application/json'});
headers.append("X-CSRFToken", this.utils.getCookie('csrftoken'));
let options = new RequestOptions({ headers: headers, withCredentials: true });
return this.http.post(this.userUrl + 'auth/', credentials , options)
.map(res => res.json())
.catch(this.handleError);
}
我使用了Django rest框架。但我建议您使用django jwt auth而不是session(更省力:)
@method_decorator(csrf_protect)
def post(self, request, format=None):
user_data = request.data
self.logger.info('Authenticating user {0}'.format(user_data['username']))
user = authenticate(username=user_data['username'], password=user_data['password'])
login(request, user)