Google chrome extension Django CSRF仅在发布chrome扩展请求时失败
我使用POST方法请求密钥,如下所示Google chrome extension Django CSRF仅在发布chrome扩展请求时失败,google-chrome-extension,django-rest-auth,Google Chrome Extension,Django Rest Auth,我使用POST方法请求密钥,如下所示 var session_id; // to use for token based authentication // prep $(document).ready(function(){ // sending a csrftoken with every ajax request function csrfSafeMethod(method) { // these HTTP methods do not require CSRF pr
var session_id; // to use for token based authentication
// prep
$(document).ready(function(){
// sending a csrftoken with every ajax request
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
if (!chrome.cookies) {
chrome.cookies = chrome.experimental.cookies;
}
const csrf_from_cookies = {'url': 'https://dummy-site-xyz.com/', 'name': 'csrftoken'};
chrome.cookies.get(csrf_from_cookies, function(res){
csrftoken = res.value;
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.url)) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
});
const sessionid = {'url': 'https://dummy-site-xyz.com/', 'name': 'sessionid'};
chrome.cookies.get(sessionid, function(res) {
session_id = res.value;
});
});
// the request
$.ajax({
type: "POST",
crossDomain: true,
url: 'https://dummy-site-xyz.com/profile/api/v1/awesome/key',
data: {'sessionid': 'dummy_session_id'},
success: function(data){
// pass
},
error: function( jqXHR, textStatus, errorThrown ){
console.log(jqXHR.responseJSON);
}
});
但是它失败了,detail:“CSRF失败:Referer检查失败-没有Referer。”
如果发送请求,则此操作正常
"permissions": [
.
.
.
"https://dummy-site-xyz.com/*",
.
.
],
清理cookies有帮助吗?@NiVeR:没什么:(在您的数据中,您应该传递
csrf\u令牌