Django Phonegap csrf设置

时间:2014-10-01 18:05:13

标签: ajax django cordova csrf

我有一个设置Django服务器,并希望使用ajax通过Phonegap应用程序访问它。这到目前为止运作良好。现在我尝试将文件上传到服务器,但我收到状态码403 FORBIDDEN。

我认为这是因为我使用表单上传文件而csrf无效。

在登录时提取csrf令牌:

def login(request):
...
response = {
    ...
    'csrf' : get_new_csrf_key()
}
return HttpResponse(json.dumps(response), content_type='json')

并存储在公共R.user.csrf

服务器上传视图:

from django.middleware.csrf import _get_new_csrf_key as get_new_csrf_key
from django.middleware.csrf import CsrfViewMiddleware

...

def uploadfile(request):
    ...
    if request.is_ajax():
        form = UploadForm(request.POST, request.FILES)
        u_file = request.FILES['upload']
        extension = u_file.name.split(".")[-1]

        upload = File(
            data = u_file,
            owner = user,
            fileid = newfid,
            name = 'newfile',
            description = u_file.name,
            createdat = timezone.now(),
            type = extension
        )
        upload.save()
        response = {
            'head' : 'Success',
            'message' : 'Filed uploaded!',
            'time' : '3000',
            'fileid' : newfid
        }

    return HttpResponse(json.dumps(response), content_type='json')

申请ajax电话:

var uploadFile = function(){
    console.log('uploading file...');
    updateLoader(1);
    var selectFile = $('#selectfile');
    var file = new FormData($('#uploadForm')[0]);
    var request = $.ajax({
        type : "POST",
        url : R.urls.uploadfile,
        data : {
            'file' : file,
            csrfmiddlewaretoken : R.user.csrf
        },
        processData : false,
        contentType : false,
        error : function(response) {
            console.log('upload failed!');
            updateLoader(-1);
            showMessage("Failed", "Something went wrong...", 3000);
            selectFile.replaceWith(selectFile = selectFile.clone(true));
        },
        success : function(data) {
            console.log('upload successful!');
            updateLoader(-1);
            var filename = $('#filename').val();
            var parent = $('#parentfolder').val();
            sendReRequest(data.fileid, filename, parent);
            selectFile.replaceWith(selectFile = selectFile.clone(true));
        }
    });
};

HTML:

<input class="inputfield" type="text" id="parentfolder" name="parentfolder"><br/>
<input class="inputfield" type="text" id="filename" name="filename"  placeholder="Give your file a name"><br/>
<form id="uploadForm" method="post" enctype="multipart/form-data">
    <input class="inputfield" id="selectfile" type="file" name="upload"><br/>
    <input id="uploadfilebutton" type="submit" value="Upload" />
</form>

我也尝试过:

var csrfSafeMethod = function(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
};

$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", R.user.csrf);
        }
    }
});

我想念什么?谢谢!

0 个答案:

没有答案
相关问题
最新问题