Python Django Rest框架抱怨CSRF
我开发了一个简单的Web服务,但未能将post与Django Rest框架一起使用,因为它抱怨CSRF: “详细信息”:“CSRF失败:未设置CSRF cookie。” 删除api\u视图装饰器确实会阻止消息出现,但是我将无法访问请求。数据。我认为api\u视图确实会检查CSRF,尽管我添加了CSRF豁免装饰器 我的看法是:Python Django Rest框架抱怨CSRF,python,django,csrf,Python,Django,Csrf,我开发了一个简单的Web服务,但未能将post与Django Rest框架一起使用,因为它抱怨CSRF: “详细信息”:“CSRF失败:未设置CSRF cookie。” 删除api\u视图装饰器确实会阻止消息出现,但是我将无法访问请求。数据。我认为api\u视图确实会检查CSRF,尽管我添加了CSRF豁免装饰器 我的看法是: @permission_classes((IsAuthenticated, )) @csrf_exempt @api_view(['POST']) def get_stat
@permission_classes((IsAuthenticated, ))
@csrf_exempt
@api_view(['POST'])
def get_stats(request):
"""
Returns the stats available.
"""
user = request.user
if request.method == 'POST':
serializer = StatsRequestSerializer(data=request.data)
stats_request = serializer.data
return JSONResponse(stats_request)
#serializer = QuizSerializer(user.quizes.all(), many=True)
#return JSONResponse(serializer.data)
response = ActionResponse(status='error', error='Invalid request')
serializer = ActionResponseSerializer(response)
return JSONResponse(serializer.data, status=400)
class StatsRequest(models.Model):
"""
A model which describes a request for some stats for specific users.
"""
start_date = models.DateField()
end_date = models.DateField()
{"start_date" : "1992-01-15", "end_date" : "1992-01-15" }
AUTHENTICATION_BACKENDS = (
'social.backends.facebook.FacebookOAuth2',
'social.backends.google.GoogleOAuth2',
'django.contrib.auth.backends.ModelBackend'
)
所以,经过几个小时的努力,我终于做到了。 通过跟踪DRF和Django的源代码,我认为我需要找到一个解决方法,因为即使关闭了CSRF验证,也会显式地进行CSRF检查,可能是在api_视图装饰器上进行CSRF检查。所以我只是创建了自己的装饰师:
from functools import wraps
from django.utils.decorators import available_attrs, decorator_from_middleware
def csrf_clear(view_func):
"""
Skips the CSRF checks by setting the 'csrf_processing_done' to true.
"""
def wrapped_view(*args, **kwargs):
request = args[0]
request.csrf_processing_done = True
return view_func(*args, **kwargs)
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
@csrf_clear
@api_view(['POST'])
@permission_classes((IsAuthenticated, ))
def get_stats(request):
"""
Returns the stats available.
"""
user = request.user
if request.method == 'POST':
serializer = StatsRequestSerializer(data=request.data)
if serializer.is_valid():
stats_request = serializer.data
return JSONResponse(stats_request)
#serializer = QuizSerializer(user.quizes.all(), many=True)
#return JSONResponse(serializer.data)
response = ActionResponse(status='error', error='Invalid request')
serializer = ActionResponseSerializer(response)
return JSONResponse(serializer.data, status=400)
from functools import wraps
from django.utils.decorators import available_attrs, decorator_from_middleware
def csrf_clear(view_func):
"""
Skips the CSRF checks by setting the 'csrf_processing_done' to true.
"""
def wrapped_view(*args, **kwargs):
request = args[0]
request.csrf_processing_done = True
return view_func(*args, **kwargs)
return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view)
@csrf_clear
@api_view(['POST'])
@permission_classes((IsAuthenticated, ))
def get_stats(request):
"""
Returns the stats available.
"""
user = request.user
if request.method == 'POST':
serializer = StatsRequestSerializer(data=request.data)
if serializer.is_valid():
stats_request = serializer.data
return JSONResponse(stats_request)
#serializer = QuizSerializer(user.quizes.all(), many=True)
#return JSONResponse(serializer.data)
response = ActionResponse(status='error', error='Invalid request')
serializer = ActionResponseSerializer(response)
return JSONResponse(serializer.data, status=400)
from django.views.decorators.csrf import csrf_exempt
urlpatterns = [
url(r'^snippets/$', views.SnippetList.as_view()),
url(r'^snippets/(?P<pk>[0-9]+)/$', csrf_exempt(views.SnippetDetail.as_view())),
对于每个POST请求,您都需要发送一个crsf令牌。在docs@Hinrich中有更多关于这方面的信息:这就是
csrf\u豁免api\u视图csrf\u豁免