我正在尝试测试一些在本地Django服务器上调用rest-auth软件包的Angular 2应用程序代码。
使用Chrome查看标题信息我在发布GET时会看到以下内容:
OPTIONS /rest-auth/user/ HTTP/1.0
Host: 127.0.0.1:8000
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Access-Control-Request-Headers: x-csrftoken
Access-Control-Request-Method: GET
Origin: http://localhost:8100
Referer: http://localhost:8100/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
HTTP/1.0 200 OK
Access-Control-Allow-Headers: x-requested-with, content-type, accept, origin, authorization, x-csrftoken
Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, UPDATE, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 86400
Content-Type: text/html; charset=utf-8
Date: Mon, 22 Aug 2016 17:31:43 GMT
Server: WSGIServer/0.2 CPython/3.4.3
X-Frame-Options: SAMEORIGIN
以下是403结果:
GET /rest-auth/user/ HTTP/1.0
Host: 127.0.0.1:8000
Accept: */*
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Origin: http://localhost:8100
Referer: http://localhost:8100/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
X-CSRFToken:
HTTP/1.0 403 Forbidden
Access-Control-Allow-Origin: *
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Date: Mon, 22 Aug 2016 17:31:43 GMT
Server: WSGIServer/0.2 CPython/3.4.3
X-Frame-Options: SAMEORIGIN
我是否需要做一些特别的事情才能摆脱403错误?