最近我一直在研究AngularJS和Django。 AngularJS承诺自动处理名为'XSRF-TOKEN'的传入cookie并添加名为'X-XSRF-TOKEN'的请求标头。所以我设置在settings.py Django的变量:【django-1.11.3/angular-1.6.4】POST AJAX CSRF验证失败
CSRF_COOKIE_NAME = 'XSRF-TOKEN'
CSRF_HEADER_NAME = 'X-CSRF-TOKEN'
显然,作为隐含here它无法正常工作。 所以我不得不安装angular-cookies.js模块来检索'csrftoken'cookie,并将它的值放在请求头'X-CSRF-TOKEN'中。但是,它仍然无法正常工作。那么这次呢,它一定是在服务器端。
HTML模板:
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title>youtube-dl</title>
<link href="/video/css/video.css" rel="stylesheet" type="text/css">
<script src="/js/angular-1.6.4.min.js" type="text/javascript"></script>
<script src="/js/angular-cookies.js" type="text/javascript"></script>
</head>
<body>
<div id="container" class="center" ng-app="vc" ng-controller="vc-ctl">
<img id="dl-icon" src="/video/logo.png"></img>
<form name="form">
{% csrftoken %}
<input class="url {{urlState}}" type="url" name="url" placeholder="https://" required autofocus ng-model="url">
<button class="btn btn1" ng-if="!form.url.$valid">
{{ buttonText }}
</button>
<button class="btn btn2 {{btn2State}}" ng-if="form.url.$valid" ng-click="click();">
{{ buttonText }}
</button>
</form>
</div>
<script src="/video/js/app.js" type="text/javascript"></script>
</body>
</html>
views.py:
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import json
from django.shortcuts import render
from django.http import HttpResponse
from .models import VideoTask
# Create your views here.
def index(request):
if request.method == 'GET':
return render(request, 'video/index.html')
stat = {
"full_path: ", request.get_full_path(),
"host: ", request.get_host(),
"port: ", request.get_port(),
"is_ajax: ", request.is_ajax(),
"is_secure: ", request.is_secure(),
"data: ", request.read(),
}
return HttpResponse(json.dumps(stat))
settings.py:
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_HEADER_NAME = 'X-CSRF-TOKEN'
app.js:
var app = angular.module("vc", [
'ngCookies'
]);
app.run(function($rootScope, $http, $cookies) {
$rootScope.buttonText = "Submit URL";
$http.defaults.headers.post['X-CSRF-TOKEN'] = $cookies.csrftoken;
});
app.controller("vc-ctl", function($scope, $http, $cookies) {
$scope.cb_success = function(res) {
$scope.progList = res.data.progList;
};
$scope.cb_failure = function(res) {
console.log(res.status);
};
$scope.postUrl = "/wsgi/video/";
$scope.click = function() {
//$scope.btn2State = "hidden";
var data = encodeURIComponent($scope.url);
var cookie_csrf = $cookies.get('csrftoken');
console.log("Cookie: \"" + cookie_csrf + "\"");
console.log("POST {data: \"" + data + "\"}");
var req = {
method: 'POST',
url: $scope.postUrl,
headers: {
'X-CSRF-TOKEN': cookie_csrf,
},
data: {
url: data
}
};
$http(req).then($scope.cb_success, $scope.cb_failure);
};
$scope.update = function() {
$http.post($scope.postUrl, {"action": "echo"}).then($scope.cb_success, $scope.cb_failure);
};
});
显然我在我的HTML表单中有{%csrftoken%}。 当我在Firefox中检查我的数据包时,我有两个标头'Cookie'和'X-CSRF-TOKEN'。
错误是什么? –
@Kashif Siddiqui我只是附加了一个截图和一个链接到我的页面。 –