我通过AJAX向api发送了一个post请求(当前页面和api都在同一主机下)。我得到csrf failed: csrf token missing or incorrect error。当我从1.8升级到django 1.10时发生了这种情况。我用django 1.9进行了检查,错误仍然存在于1.9。下面是详细的卷曲:CSRF失败:从1.8升级到django 1.10后CSRF令牌丢失或不正确
curl 'https://tru-staging.com/pagemaker/api/v1/carousel/slide/' -H 'Pragma: no-cache' -H 'Origin: https://tru-staging.com' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8,ar;q=0.6' -H 'Authorization: Token undefined' -H 'Content-Type: application/json;charset=UTF-8' -H 'Accept: application/json, text/plain, */*' -H 'Cache-Control: no-cache' -H 'X-CSRFToken: UMQPAIb1OTl7MyiQLJttdKE8xOLz35pMaHeNGMMDqy0Jn3x8SpbaEUmzOQk7Fppr' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36' -H 'Cookie: _ga=GA1.2.2131330908.1484113382; sessionid=nnxqi67j18tblt985vayyz4ssyhdnfjm; csrftoken=o6gjW1Sxb1X23hI9RurDIAXjSuEbbgbMQJtMQyS2gT1yTnCGF80rmmB8pwSOSKKj' -H 'Connection: keep-alive' -H 'Referer: https://tru-staging.com/68/school_landing/' --data-binary '{"order":4,"carousel":736}' —compressed
这是什么造成的? – sachitad
在进行AJAX调用之前如何设置X-CSRFToken?我假设你有一个getCookie()函数来抓取它? – Scovetta
我这样做。我是这样的设置标题:https://gist.github.com/sachitad/793b96e56ca719f77bae687085bcd99a – sachitad