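I took a diff of the response headers in the Wireshark traces of two applications and found that setting ACCOUNT_EMAIL_VERIFICATION = 'optional' in settings.py changes the behavior of the HTTP response cookies. It sets a csrf field in the cookie in the HTTP headers, which somehow makes my subsequent POST requests, sent as REST requests, fail with a CSRF verification failed error. Is this behavior normal? Or should I change some other setting to alter it? I am new to Django.
Please go easy on me if this is a stupid question.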
With ACCOUNT_EMAIL_VERIFICATION = 'optional'
Allow: POST, OPTIONS, HEAD\r\n
Vary: Accept, Cookie\r\n
Content-Type: application/json\r\n
X-Frame-Options: SAMEORIGIN\r\n
Set-Cookie: sessionid=5bp1r9cr167ice1kb8o1sjeo5i4yv05x; expires=Mon, 23-Mar-2015 18:52:12 GMT; httponly; Max-Age=1209600; Path=/\r\n
Set-Cookie: csrftoken=33tKW0NTfjdWZ4CNtpqK91BxEMniJECM; expires=Mon, 07-Mar-2016 18:52:12 GMT; Max-Age=31449600; Path=/\r\n
[truncated]Set-Cookie: messages="d113558d7ba4e1085f84fce405e0ad52e2d0442b$[[\"__json_message\"\0540\05425\054\"Successfully signed in as abhishek10.\"]\054[\"__json_message\"\0540\05425\054\"Successfully signed in as abhishek11.\"]\054[\
\r\n
With ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
Allow: POST, OPTIONS, HEAD\r\n
Content-Type: application/json\r\n
X-Frame-Options: SAMEORIGIN\r\n
Vary: Accept, Cookie\r\n
Set-Cookie: sessionid=2k89iyebjvy4vqulqfiqntjaft2a2d68; expires=Mon, 23-Mar-2015 18:57:21 GMT; httponly; Max-Age=1209600; Path=/\r\n
\r\n