我正在尝试使用Django编程从服务器端验证电子邮件和用户名可用性的注册表单。我检查了这个jQuery Validation Plugin remote check for password with Django但是我禁止403 - CSRF验证失败了。我尝试在jquery脚本中包含csrf标记。但仍然没有工作。我已经显示了以下代码来检查电子邮件的可用性。
views.py:
def email_check(request):
response_str="false"
if request.is_ajax():
e = request.POST.get("email_address")
try:
obj = User.objects.get(email=e)
except DoesNotExist:
response_str="true"
return HttpResponse(response_str)
urls.py:
url(r'^signup/email/check/$', 'registration.views.email_check')
signup.html: https://gist.github.com/2253002
有人可以帮我吗?
谢谢!
答案 0 :(得分:2)
您应该在名为“X-CSRFToken”的cookie中发送csrf令牌,有一种方法可以使用jQuery全局启用此行为:
https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/#ajax
答案 1 :(得分:0)
$('html').ajaxSend(function(event, xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
});
在模板中引用上面的jquery代码,以确保您的AJAX POST调用始终包含csrf标记。有关详细信息,请查看官方文档中的this article。