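I have a Django server set up and want to access it from a Phonegap application using ajax. This has worked well so far. Now I am trying to upload a file to the server, but I receive status code 403 FORBIDDEN.

I think this is because I use a form to upload the file and the csrf is invalid.

The csrf token is retrieved at login: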

    def login(request):
        ...
        response = {
            ...
            'csrf' : get_new_csrf_key()
        }
        return HttpResponse(json.dumps(response), content_type='json')

and stored in the public R.user.csrf.

The server upload view:

    from django.middleware.csrf import _get_new_csrf_key as get_new_csrf_key
    from django.middleware.csrf import CsrfViewMiddleware
    ...
    def uploadfile(request):
        ...
        if request.is_ajax():
            form = UploadForm(request.POST, request.FILES)
            u_file = request.FILES['upload']
            extension = u_file.name.split(".")[-1]
            upload = File(
                data = u_file,
                owner = user,
                fileid = newfid,
                name = 'newfile',
                description = u_file.name,
                createdat = timezone.now(),
                type = extension
            )
            upload.save()
            response = {
                'head' : 'Success',
                'message' : 'Filed uploaded!',
                'time' : '3000',
                'fileid' : newfid
            }
            return HttpResponse(json.dumps(response), content_type='json')

The application's ajax call:

    var uploadFile = function(){
        console.log('uploading file...');
        updateLoader(1);
        var selectFile = $('#selectfile');
        var file = new FormData($('#uploadForm')[0]);
        var request = $.ajax({
            type : "POST",
            url : R.urls.uploadfile,
            data : {
                'file' : file,
                csrfmiddlewaretoken : R.user.csrf
            },
            processData : false,
            contentType : false,
            error : function(response) {
                console.log('upload failed!');
                updateLoader(-1);
                showMessage("Failed", "Something went wrong...", 3000);
                selectFile.replaceWith(selectFile = selectFile.clone(true));
            },
            success : function(data) {
                console.log('upload successful!');
                updateLoader(-1);
                var filename = $('#filename').val();
                var parent = $('#parentfolder').val();
                sendReRequest(data.fileid, filename, parent);
                selectFile.replaceWith(selectFile = selectFile.clone(true));
            }
        });
    };

HTML:

    <input class="inputfield" type="text" id="parentfolder" name="parentfolder"><br/>
    <input class="inputfield" type="text" id="filename" name="filename" placeholder="Give your file a name"><br/>
    <form id="uploadForm" method="post" enctype="multipart/form-data">
        <input class="inputfield" id="selectfile" type="file" name="upload"><br/>
        <input id="uploadfilebutton" type="submit" value="Upload" />
    </form>

I have also tried:

    var csrfSafeMethod = function(method) {
        // these HTTP methods do not require CSRF protection
        return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
    };
    $.ajaxSetup({
        beforeSend: function(xhr, settings) {
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", R.user.csrf);
            }
        }
    });

What am I missing? Thanks!
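
The question turns on how Django decides that a POST carries a valid CSRF token. As an added example (not code from the post or from Django itself), this simplified model of the cookie-versus-submitted-token comparison, assuming the direct comparison used by the Django versions that ship `_get_new_csrf_key`, shows that a freshly generated key which was never set as the `csrftoken` cookie is rejected whether it arrives as a form field or as a header. `csrf_check`, `new_csrf_key` and the sample requests are constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
BAD_TOKEN = "CSRF token missing or incorrect"   # this model's own wording
NO_COOKIE = "CSRF cookie not set"               # this model's own wording


def new_csrf_key():
    """Stand-in for the post's get_new_csrf_key(): a fresh random string."""
    return secrets.token_hex(16)


def csrf_check(method, cookies, post, meta):
    """Return (allowed, reason) for one request, modelled as plain dicts."""
    if method in SAFE_METHODS:
        return True, "safe method"
    cookie_token = cookies.get("csrftoken")
    if not cookie_token:
        return False, NO_COOKIE
    # The form field is consulted first, then the X-CSRFToken header.
    sent = post.get("csrfmiddlewaretoken") or meta.get("HTTP_X_CSRFTOKEN", "")
    # Constant-time comparison of the submitted value against the cookie.
    if not sent or not hmac.compare_digest(sent, cookie_token):
        return False, BAD_TOKEN
    return True, "ok"


def demo():
    """Constructed requests covering the cases raised in the question."""
    cookie = new_csrf_key()           # value the server set as the csrftoken cookie
    from_login_json = new_csrf_key()  # unrelated key handed out in the login JSON
    with_cookie = {"csrftoken": cookie}
    return {
        "fresh_key_in_form": csrf_check(
            "POST", with_cookie, {"csrfmiddlewaretoken": from_login_json}, {}),
        "fresh_key_in_header": csrf_check(
            "POST", with_cookie, {}, {"HTTP_X_CSRFTOKEN": from_login_json}),
        "no_cookie_at_all": csrf_check(
            "POST", {}, {}, {"HTTP_X_CSRFTOKEN": from_login_json}),
        "cookie_value_in_header": csrf_check(
            "POST", with_cookie, {}, {"HTTP_X_CSRFTOKEN": cookie}),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In Django, `django.middleware.csrf.get_token(request)` returns the token that is tied to the `csrftoken` cookie, which is the value the model's passing case submits.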