2014-01-07 43 views
0

Django - Ajax POST request forbidden (403) with ExtJS

I am using ExtJS to create a button that does an Ajax POST to my Django application, but the POST is blocked with a FORBIDDEN (403) error.

I tried, without success, setting a custom X-CSRFToken header to the value of the CSRF token (https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/#ajax).

ExtJS.js

action = new Ext.Button({
    text: 'Ajax Test',
    handler: function() {
        Ext.Ajax.request({
            url: 'test/',
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            params: {'test': 'test'},
            success: function(response, opts) {
                var obj = Ext.decode(response.responseText);
                console.dir(obj);
            },
            failure: function(response, opts) {
                console.log('server-side failure');
            }
        });
    }
});

views.py (passing the CSRF token as POST data)

from django.http import HttpResponse

def test(request):
    # Log the incoming POST data to confirm the view is reached
    print "TEST WORKING"
    print dict(request.POST.copy().iteritems())
    return HttpResponse("")

CHROME NETWORK TAB:

Response:

CSRF verification failed. Request aborted. 

Cookies:

Request Cookies: 
csrftoken : S7uLgmhqeprWqL4NdH9mznIfpTgyM9RP 
djdt : hide 
djdttop : 30 
sessionid : sx4ukmkitqp39wvuve1a9zed2kjiwfb1 

Response Cookies: 
(empty) 

Headers:

Request URL:http://127.0.0.1:8000/basqui/layer/edit/2/test/ 
Request Method:POST 
Status Code:403 FORBIDDEN 
Request Headers 
Accept:*/* 
Accept-Encoding:gzip,deflate,sdch 
Accept-Language:fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4 
Connection:keep-alive 
Content-Length:9 
Content-Type:application/x-www-form-urlencoded; charset=UTF-8 
Cookie:sessionid=sx4ukmkitqp39wvuve1a9zed2kjiwfb1; csrftoken=S7uLgmhqeprWqL4NdH9mznIfpTgyM9RP; djdttop=30; djdt=hide 
Host:127.0.0.1:8000 
Origin:http://127.0.0.1:8000 
Referer:http://127.0.0.1:8000/basqui/layer/edit/2 
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 
X-Requested-With:XMLHttpRequest 
Form Data (URL encoded) 
test:test 
Response Headers 
Content-Type:text/html 
Date:Tue, 07 Jan 2014 16:52:15 GMT 
Server:WSGIServer/0.1 Python/2.7.5 
X-Frame-Options:SAMEORIGIN 
+0

Show us your Django view as well.. – mariodev

+0

Adding the CSRF token is the correct solution. Can you please add it again, then make the request and copy/paste the POST and the response from the browser dev tools network tab? – krs

+0

Usually, Ajax POSTs work once the CSRF token is added. I think it isn't working here because the Ajax call is initialised through ExtJS –

Answers

4
action = new Ext.Button({
    text: 'Ajax Test',
    handler: function() {
        var csrf = Ext.util.Cookies.get('csrftoken');
        Ext.Ajax.request({
            url: 'test/',
            method: 'POST',
            headers: { 'Content-Type': 'application/json' },
            params: {'test': 'test', 'csrfmiddlewaretoken': csrf},
            success: function(response, opts) {
                var obj = Ext.decode(response.responseText);
                console.dir(obj);
            },
            failure: function(response, opts) {
                console.log('server-side failure');
            }
        });
    }
});
1

https://www.sencha.com/forum/showthread.php?134125-Django-1-3-Login-with-ExtJS-4-and-CSRF

I put this in my application's launch function:

Ext.require(["Ext.util.Cookies", "Ext.Ajax"], function(){ 
    // Add csrf token to every ajax request 
    var token = Ext.util.Cookies.get('csrftoken'); 
    if(!token){ 
     Ext.Error.raise("Missing csrftoken cookie"); 
    } else { 
     Ext.Ajax.defaultHeaders = Ext.apply(Ext.Ajax.defaultHeaders || {}, { 
      'X-CSRFToken': token 
     }); 
    } 
});
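The header-based approach from the second answer, written out in plain JavaScript as an added example (not part of the question or either answer). It assumes no Ext is loaded and takes the cookie string and page origin as parameters, so it runs outside a browser; it also follows the Django docs' advice of only sending the token on unsafe methods and only to same-origin URLs.

```javascript
// Added example: Django's Ajax CSRF recipe without jQuery or Ext. Reads the
// csrftoken cookie, attaches it as X-CSRFToken only on state-changing methods,
// and skips it for cross-origin URLs so the token is never sent to another host.

// Parse a document.cookie-style string and return the named cookie, or null.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Django's CSRF middleware does not check these methods, so no header is needed.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build the extra headers for a request. `origin` is the page's own origin
// (window.location.origin in a browser). Relative URLs count as same-origin;
// absolute and protocol-relative (//host/...) URLs must start with `origin`.
function csrfHeaders(method, url, cookieString, origin) {
  if (csrfSafeMethod(method)) return {};
  const absolute = /^([a-z][a-z0-9+.-]*:)?\/\//i.test(url);
  const sameOrigin = !absolute || url === origin || url.startsWith(origin + '/');
  if (!sameOrigin) return {};
  const token = getCookie(cookieString, 'csrftoken');
  if (!token) {
    // Same failure the second answer raises: the page was rendered without the cookie
    throw new Error('Missing csrftoken cookie');
  }
  return { 'X-CSRFToken': token };
}

// Constructed sample cookie string, copied from the question's Chrome capture.
const SAMPLE_COOKIES = 'sessionid=sx4ukmkitqp39wvuve1a9zed2kjiwfb1; ' +
  'csrftoken=S7uLgmhqeprWqL4NdH9mznIfpTgyM9RP; djdttop=30; djdt=hide';

// In a browser, pass document.cookie and window.location.origin instead, and
// merge the result into the request's headers (e.g. Ext.Ajax.defaultHeaders).
const headers = csrfHeaders('POST', 'test/', SAMPLE_COOKIES, 'http://127.0.0.1:8000');
```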