Jquery CSRF验证失败。请求被中止。在django ajax post中
我收到错误CSRF验证失败。请求被中止 我有两个文件,一个是post.html和post_reply.htmlJquery CSRF验证失败。请求被中止。在django ajax post中,jquery,ajax,django,django-csrf,Jquery,Ajax,Django,Django Csrf,我收到错误CSRF验证失败。请求被中止 我有两个文件,一个是post.html和post_reply.html {% for postone in post %} <div class="testmain span11"> <div class="span1 test1"><img src="/media/{{postone.image}}" width="70" height="70" class="img-circle img-resp
{% for postone in post %}
<div class="testmain span11">
<div class="span1 test1"><img src="/media/{{postone.image}}" width="70" height="70" class="img-circle img-responsive"/></div>
<div class="span8 second">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>{{postone.time}}<br/><br/>
<div class="test1 span7">{{postone.post}}</div>
<div class="test span8"><img src="/media/{{postone.image}}" width="300" height="300"/></div>
<div class="span8" style="margin-bottom:2%;"><a class="replytopost" style="margin-left:-4%;" onclick='tog({{postone.pk}})'>Reply<span class="badge">{{postone.number_of_reply}}</span></a><input class="id5" type="hidden" value='{{postone.pk }}'></div>
<div id='{{postone.pk}}' class="hid">
<form method="post" action="." enctype="multipart/form-data" class="horizontal-form" role="form" id='{{postone.pk}}' style=""> {% csrf_token %}
<input type="text" name="lname" class="rep1" style="border-radius: 0px; "><input type="submit" onclick="save_reply({{postone.pk}})" class="btn btn-info replysave" id='{{postone.pk}}' value="Reply" style="border-radius: 0px; margin-bottom: 10px;"/>
</form>
<br/>{% for rep1 in rep %}
<div class="span1 test1"><img src="/media/{{postone.image}}" class="img-circle img-responsive" width="50" height="50"></div>
<div class="span6 third">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>
<div class="test1 span7">{{postone.post}}</div><br/>
<div class="test1 span6" style="margin-top:3%; margin-left:10%; font-size:0.9em;">{% load humanize %} {{postone.time|naturaltime}}</div>
</div>
{% endfor %}
</div>
</div>
</div>
{% endfor %}
我正在使用ajax将post_回复文件html转换为post.html
观点是
def Display_post(request):
if request.method=="GET":
post = Post.objects.all()
#print post
data = []
for pos in post:
rep = Comment.objects.filter(post=post)
html = render_to_string('home/post_reply.html',{"post":post, "rep":rep})
return HttpResponse(html, mimetype="application/json")
因此,现在我的回复表单位于post_回复文件上,该文件将访问post.html
现在我发现CSRF验证失败了。我使用@csrf\u时出错,但它仍然不起作用
Post.html
function save_reply(s)
{
//alert("hello");
//alert(s);
$.djangocsrf( "enable" );
var reply = $(".rep1").val();
var form = $("#"+s).parent();
//alert(reply);
csr = $("#"+s).prev().val();
alert(csr);
data = {
reply: reply,
};
$.ajax({
url: "/home/reply_save/"+s,
type: "POST",
data: form.serialize(),
success: function (response) {
alert("hello");
},
error: function () {
}
});
}
post_reply.html
{% for postone in post %}
<div class="testmain span11">
<div class="span1 test1"><img src="/media/{{postone.image}}" width="70" height="70" class="img-circle img-responsive"/></div>
<div class="span8 second">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>{{postone.time}}<br/><br/>
<div class="test1 span7">{{postone.post}}</div>
<div class="test span8"><img src="/media/{{postone.image}}" width="300" height="300"/></div>
<div class="span8" style="margin-bottom:2%;"><a class="replytopost" style="margin-left:-4%;" onclick='tog({{postone.pk}})'>Reply<span class="badge">{{postone.number_of_reply}}</span></a><input class="id5" type="hidden" value='{{postone.pk }}'></div>
<div id='{{postone.pk}}' class="hid">
<form method="post" action="." enctype="multipart/form-data" class="horizontal-form" role="form" id='{{postone.pk}}' style=""> {% csrf_token %}
<input type="text" name="lname" class="rep1" style="border-radius: 0px; "><input type="submit" onclick="save_reply({{postone.pk}})" class="btn btn-info replysave" id='{{postone.pk}}' value="Reply" style="border-radius: 0px; margin-bottom: 10px;"/>
</form>
<br/>{% for rep1 in rep %}
<div class="span1 test1"><img src="/media/{{postone.image}}" class="img-circle img-responsive" width="50" height="50"></div>
<div class="span6 third">
<div class="test1 span5"><a><strong>{{postone.user}}</strong></a></div>
<br/>
<div class="test1 span7">{{postone.post}}</div><br/>
<div class="test1 span6" style="margin-top:3%; margin-left:10%; font-size:0.9em;">{% load humanize %} {{postone.time|naturaltime}}</div>
</div>
{% endfor %}
</div>
</div>
</div>
{% endfor %}
{%for post%中的postone}
{{postone.user}}
{{postone.time}
{{postone.post}}
回复{postone.number_of_Reply}
{%csrf_令牌%}
{rep%中的rep1的%
{{postone.user}}
{{postone.post}}
{%load humanize%}{{postone.time | naturaltime}
{%endfor%}
{%endfor%}
如下所示:
将javascript代码添加到页面,以通过ajax请求发送csrf值:
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
var csrftoken = getCookie('csrftoken');
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
}
});
函数getCookie(名称){
var-cookieValue=null;
if(document.cookie&&document.cookie!=''){
var cookies=document.cookie.split(“;”);
对于(变量i=0;iclass DisableCSRF(object):
def process_request(self, request):
if request.is_ajax():
setattr(request, '_dont_enforce_csrf_checks', True)
是的,这是一个快速而肮脏的解决方案,但我将其用于我的rest api后端,它不使用cookies。最好不要这样做。csrf并不仅仅是让您感到痛苦的东西,它可以保护项目不被禁用对ajax调用的csrf保护,并为各种攻击打开您的服务:。