通过ajax在服务器请求上禁止错误403

时间:2016-12-16 01:03:13

标签: javascript ajax django

我正在一个跟踪待办事项列表并从服务器中提取的网站上工作。 下面有两个示例ajax调用。任务GET调用工作正常,但添加POST不行。出于某种原因,它给了我403禁止的错误,因此,不会执行代码。

我在看403 Forbidden error when making an ajax Post request in Django framework 我读了@yohn发布的链接,但我不明白如何实施这个解决方案。

var tasker = (function() {
    return {
        tasks : function( ownerId, cb ) {
            $.ajax({ 
                url: "http://138.49.184.143:3000/tasker/api/"+ownerId+"?key=f725ebbc9c",
                type: 'GET',
                success: function(task) {
                    if(task){
                        var list = []
                        for(var a=0; a<task.length; a++){                   
                            var newTask = {
                                onwerId: task[a].ownderId,
                                desc: task[a].desc,
                                due: new Date(task[a].due),
                                color: task[a].color,
                                complete: task[a].complete,
                                id: task[a].id
                            };
                            list.push(newTask);
                        }
                        cb(list , null);
                    }
                    else{ cb(null, 'error retreiving your tasks');}
                },
                error: function( xhr, status, errorThrown ) {
                    alert( "Sorry, there was a problem! "  + errorThrown );
                },
            });      
        },

        add : function( ownerId, task, cb ) {
            $.ajax({ 
                url: "http://138.49.184.143:3000/tasker/api/"+ownerId+"?key=f725ebbc9c",
                type: 'POST',
                success: function(task) {
                    var d = new Date(task.due);
                    if(task){
                        var newTask = {
                            onwerId: task.ownderId,
                            desc: task.desc,
                            due: d,
                            color: task.color,
                            complete: task.complete,
                            id: task.id
                        };
                        cb(newTask , null);
                    }
                    else{cb(null, 'error adding your task');}
                },
                error: function( xhr, status, errorThrown ) {
                    alert( "Sorry, there was a problem! "  + errorThrown );
                },
            });            
        },
    }       

})();

1 个答案:

答案 0 :(得分:1)

Django在发出POST请求时需要csrf令牌(除非您使用基于令牌的身份验证,但我假设您不在此处)。就像您需要在表单提交中包含{{ csrf_token }}一样。

有关您需要它的原因以及csrf令牌的目的的更多信息:What is a CSRF token ? What is its importance and how does it work?

因此,对于您的问题,请将add下的ajax调用更改为:

$.ajax({ 
        url: "http://138.49.184.143:3000/tasker/api/"+ownerId+"?key=f725ebbc9c",
        type: 'POST',
        data: { csrfmiddlewaretoken: '{{ csrf_token }}'}, // added csrf token.
        success: function(task) {
            var d = new Date(task.due);
            if(task){
                var newTask = {
                    onwerId: task.ownderId,
                    desc: task.desc,
                    due: d,
                    color: task.color,
                    complete: task.complete,
                    id: task.id
                };
                cb(newTask , null);
            }
            else{cb(null, 'error adding your task');}
        },
        error: function( xhr, status, errorThrown ) {
            alert( "Sorry, there was a problem! "  + errorThrown );
        },
    });