2013-10-23 32 views

请帮我检查下面用来搜索内容的 JS 是否正确。这里我从 name=csrfmiddlewaretoken 的 input 中获取 CSRF 令牌。在 Django 项目中通过 Ajax 发送 POST 请求时,提示 CSRF 令牌丢失或不正确,请帮我看看问题出在哪里。

// Once the DOM is ready, post the current search text to the server on every keyup in #search.
$(function () {
    $('#search').on('keyup', function () {
        // The CSRF token is read from the hidden input named csrfmiddlewaretoken and sent as
        // form data. If the page contains no such input, no usable token goes out with the POST.
        // NOTE(review): presumably that input comes from Django's {% csrf_token %} tag;
        // confirm the template that renders #search includes it.
        var payload = {
            'search_text': $('#search').val(),
            'csrfmiddlewaretoken': $('input[name=csrfmiddlewaretoken]').val()
        };

        $.ajax({
            url: "/article/search_title/",
            type: "POST",
            dataType: 'html',
            data: payload,
            success: searchSuccess
        });
    });
});

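/**
 * Success callback for the search request: render the returned HTML fragment.
 *
 * @param {string} data - Response body, which jQuery passes as the first argument of a
 *   success callback. The original signature declared no parameter, so `data` was undefined.
 */
function searchSuccess(data) {
    // The response is inserted as markup, so the server-side template must escape every
    // user-controlled value (such as the echoed search text) before it reaches this call.
    // NOTE(review): 'search_success' has no '#' or '.' prefix, so it selects
    // <search_success> elements; confirm whether an id or class selector was intended.
    $('search_success').html(data);
}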

你能显示请求头吗? – mariodev

回答


通过添加下面的代码,我解决了 CSRF 令牌的问题,谢谢。这段代码并没有绕过或关闭 CSRF 校验,而是把 csrftoken cookie 的值放进 X-CSRFToken 请求头,随同源的非安全方法请求一起发送。

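// Attach the Django CSRF token to outgoing jQuery Ajax requests.
// CSRF protection stays enabled: the server still validates the token. This handler only
// copies the csrftoken cookie into the X-CSRFToken header for same-origin, non-safe methods.
$(document).ajaxSend(function (event, xhr, settings) {
    // Return the decoded value of the cookie `name`, or null if it is not in document.cookie.
    function getCookie(name) {
        var cookieValue = null;
        if (document.cookie && document.cookie !== '') {
            var cookies = document.cookie.split(';');
            for (var i = 0; i < cookies.length; i++) {
                var cookie = jQuery.trim(cookies[i]);
                // Does this cookie string begin with the name we want?
                if (cookie.substring(0, name.length + 1) === (name + '=')) {
                    cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                    break;
                }
            }
        }
        return cookieValue;
    }

    // True when `url` is judged to target this page's own origin. Anything not recognised
    // as absolute or scheme relative is treated as relative, so URLs handed to $.ajax
    // should not be built from untrusted input.
    function sameOrigin(url) {
        // url could be relative or scheme relative or absolute
        var host = document.location.host; // host + port
        var protocol = document.location.protocol;
        var sr_origin = '//' + host;
        var origin = protocol + sr_origin;
        // Allow absolute or scheme relative URLs to same origin
        return (url === origin || url.slice(0, origin.length + 1) === origin + '/') ||
            (url === sr_origin || url.slice(0, sr_origin.length + 1) === sr_origin + '/') ||
            // or any other URL that isn't scheme relative or absolute i.e relative.
            // The scheme test ignores case, so an absolute URL written with an upper-case
            // scheme is not mistaken for a relative path and handed the token.
            !(/^(\/\/|http:|https:).*/i.test(url));
    }

    // True for HTTP methods that do not need a CSRF token.
    function safeMethod(method) {
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    }

    if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
        var token = getCookie('csrftoken');
        // Without a readable cookie, send no header at all rather than the literal string
        // "null"; the server then rejects the request unless a token travels another way.
        if (token !== null) {
            xhr.setRequestHeader("X-CSRFToken", token);
        }
    }
});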

以下代码直接摘自文档 https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ :

// using jQuery 
/**
 * Look up a cookie by name in document.cookie.
 *
 * @param {string} name - Cookie name to search for.
 * @returns {string|null} The URI-decoded cookie value, or null when no cookie of that
 *   name is visible to script.
 */
function getCookie(name) {
    var jar = document.cookie;
    if (!jar) {
        return null;
    }

    var prefix = name + '=';
    var entries = jar.split(';');
    for (var idx = 0; idx < entries.length; idx += 1) {
        var entry = jQuery.trim(entries[idx]);
        // Only an entry that starts with "<name>=" is the cookie being asked for.
        if (entry.indexOf(prefix) === 0) {
            return decodeURIComponent(entry.slice(prefix.length));
        }
    }
    return null;
}
// Read the token once at load time; getCookie returns null when no csrftoken cookie is found.
// Reading it does not send it: the value still has to accompany each unsafe request
// (for example in the X-CSRFToken header) for the server to check it.
var csrftoken = getCookie('csrftoken');