Jquery Django Tastypie always returns Unauthorized


I make ajax requests to my Tastypie resource, but I get a 401 even though I use SessionAuthentication() and DjangoAuthorization().

resources.py

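from tastypie import fields
from tastypie.authentication import SessionAuthentication
from tastypie.authorization import Authorization
from tastypie.resources import ALL, ModelResource

# Event and UserResource are defined elsewhere in the project.


class EventsResource(ModelResource):
    user = fields.ForeignKey(UserResource, 'user')

    class Meta:
        queryset = Event.objects.all()
        resource_name = 'events'
        filtering = {'start': ALL,
                     'end': ALL
                     }
        list_allowed_methods = ['get', 'post', 'put', 'patch']
        detail_allowed_methods = ['get', 'post', 'put', 'delete']
        authentication = SessionAuthentication()
        authorization = Authorization()
        include_resource_uri = True
        limit = 0
        always_return_data = True

This is a calendar resource, so I have an Event model, and my ajax requests are in a javascript file loaded in the django admin. I also checked that the request headers have the csrf token and the session id, but it doesn't work.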

$.ajax({
    url: event.resource_uri,
    dataType: 'json',
    contentType: 'application/json; charset=UTF-8',
    type: 'DELETE',
    success: function () {
        $calendar.fullCalendar('removeEvents');
        $calendar.fullCalendar('refetchEvents');
        $('#modal-confirm').modal('hide');
        showmsg('Evento eliminato correttamente', 'warning');
    }
});

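You are using SessionAuthentication but have not provided the CSRF token header (I see that you have checked it, but it does not appear in your code).

Include the {% csrf_token %} tag somewhere in the page that contains the JavaScript, then modify your AJAX method to set the X-CSRFToken header using the beforeSend option: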

$.ajax({
    url:  event.resource_uri,
    dataType: 'json',
    contentType: 'application/json; charset=UTF-8',
    type: 'DELETE',
    beforeSend: function(jqXHR) {
        jqXHR.setRequestHeader('X-CSRFToken', $('input[name=csrfmiddlewaretoken]').val());
    },
    success: function () {
        $calendar.fullCalendar('removeEvents');
        $calendar.fullCalendar('refetchEvents');
        $('#modal-confirm').modal('hide');
        showmsg('Evento eliminato correttamente', 'warning');
    }
});

Every POST request should pass in the CSRF token as POST data. The recommended source for the CSRF token is the cookies, like so:

// Read a cookie value by name from document.cookie.
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = $.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
var csrftoken = getCookie('csrftoken');
// Either register the header once with $.ajaxSetup, or set it per request with beforeSend.
/*$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        xhr.setRequestHeader("X-CSRFToken", csrftoken);
    }
});*/
$.ajax({
    type: "POST",
    dataType: "json",
    contentType: "application/json",
    url: "/my/uri/",
    // Serialize the body so it matches the declared JSON content type.
    data: JSON.stringify({"any": "thing"}),
    beforeSend: function(xhr, settings) {
        xhr.setRequestHeader("X-CSRFToken", csrftoken);
    },
    success: function(data) {
        console.log("Weeey");
    }
});

Reference:
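
Added example, not part of the question or either answer: one place to attach X-CSRFToken to every jQuery request, reading the token from the csrftoken cookie as the second answer does, and sending it only on non-safe methods (such as the DELETE in the question) to the page's own origin so the token is never disclosed to another host. The helper names (readCookie, needsCsrfHeader, csrfHeadersFor) and the sample cookie string are assumptions made for illustration.

```javascript
// Added example: helper names and sample values are hypothetical.

// Methods that do not change state and so need no CSRF token.
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/i;

// Constructed sample of a document.cookie string (not taken from the page).
const SAMPLE_COOKIES = 'sessionid=s1; csrftoken=T0KEN';

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
    for (const part of (cookieString || '').split(';')) {
        const pair = part.trim();
        if (pair.startsWith(name + '=')) {
            return decodeURIComponent(pair.slice(name.length + 1));
        }
    }
    return null;
}

// True only for state-changing requests that stay on the page's own origin.
function needsCsrfHeader(method, url, pageOrigin) {
    if (SAFE_METHODS.test(method)) return false;
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Headers to add to a request; empty when the token must not be sent.
function csrfHeadersFor(method, url, pageOrigin, cookieString) {
    const token = readCookie(cookieString, 'csrftoken');
    if (!token || !needsCsrfHeader(method, url, pageOrigin)) return {};
    return { 'X-CSRFToken': token };
}

// Browser wiring with jQuery (skipped when the file runs outside a page).
if (typeof window !== 'undefined' && window.jQuery) {
    window.jQuery.ajaxSetup({
        beforeSend: function (xhr, settings) {
            const headers = csrfHeadersFor(settings.type, settings.url,
                                           window.location.origin, document.cookie);
            Object.keys(headers).forEach(function (h) {
                xhr.setRequestHeader(h, headers[h]);
            });
        }
    });
}
```

With this registered once, the original DELETE call needs no per-request beforeSend.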