我正在开发一个网站,用于跟踪待办事项列表,数据从服务器获取。下面有两个示例 ajax 调用。获取任务的 GET 调用工作正常,但添加任务的 POST 调用不行。出于某种原因,它返回 403 Forbidden 错误,因此成功回调中的代码不会执行。
我看过《403 Forbidden error when making an ajax Post request in Django framework》这个问题,也读了 @yohn 发布的链接,但我不明白如何实施这个解决方案。
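/**
 * Client-side wrapper around the tasker REST API (jQuery based).
 *
 * Exposes two methods, both of which report through a node-style-reversed
 * callback `cb(result, errorMessage)`:
 *   - tasks(ownerId, cb): GET the owner's task list.
 *   - add(ownerId, task, cb): POST to create a task.
 *
 * Transport-level failures (for example the 403 discussed on this page) are
 * shown with alert() and do NOT invoke `cb`.
 */
var tasker = (function() {
  // NOTE(review): this key ships to every browser that loads the script and is
  // sent in the query string over plain http, so it is readable in transit and
  // is typically recorded in server/proxy logs. Treat it as public, not as a
  // secret; access control has to be enforced server-side.
  var API_BASE = "http://138.49.184.143:3000/tasker/api/";
  var API_KEY = "f725ebbc9c";

  // Build the per-owner endpoint. The id is percent-encoded so characters such
  // as "/", "?" or "#" in ownerId cannot change the path or query of the URL.
  function endpointFor(ownerId) {
    return API_BASE + encodeURIComponent(ownerId) + "?key=" + API_KEY;
  }

  // Convert one server record into the object handed to callers.
  // NOTE(review): `onwerId` / `ownderId` look like typos of `ownerId`; they are
  // kept as-is because callers and the server response format are not visible
  // here - confirm before renaming.
  function toTask(raw) {
    return {
      onwerId: raw.ownderId,
      desc: raw.desc,
      due: new Date(raw.due),
      color: raw.color,
      complete: raw.complete,
      id: raw.id
    };
  }

  // Shared jQuery error handler: surfaces the failure to the user.
  function reportFailure(xhr, status, errorThrown) {
    alert("Sorry, there was a problem! " + errorThrown);
  }

  return {
    /**
     * Fetch all tasks of an owner.
     * @param {string|number} ownerId - owner whose tasks are requested.
     * @param {function(Array|null, string|null)} cb - receives (list, null)
     *   on success or (null, message) when the response body is empty.
     */
    tasks: function(ownerId, cb) {
      $.ajax({
        url: endpointFor(ownerId),
        type: 'GET',
        success: function(task) {
          if (!task) {
            cb(null, 'error retreiving your tasks');
            return;
          }
          var list = [];
          for (var a = 0; a < task.length; a++) {
            list.push(toTask(task[a]));
          }
          cb(list, null);
        },
        error: reportFailure
      });
    },

    /**
     * Create a task for an owner.
     * @param {string|number} ownerId - owner the task belongs to.
     * @param {Object} task - task to create.
     * @param {function(Object|null, string|null)} cb - receives (newTask, null)
     *   on success or (null, message) when the response body is empty.
     */
    add: function(ownerId, task, cb) {
      // NOTE(review): the request sends neither the `task` argument nor a CSRF
      // token. A Django backend with CSRF protection enabled answers such a
      // POST with 403; how the server expects the task fields to be encoded is
      // not visible here, so no request body is added - confirm with the API.
      $.ajax({
        url: endpointFor(ownerId),
        type: 'POST',
        success: function(created) {
          // Check the response before reading from it: the original built the
          // Date first and threw a TypeError on an empty response, so the
          // error branch below could never run for null/undefined.
          if (!created) {
            cb(null, 'error adding your task');
            return;
          }
          cb(toTask(created), null);
        },
        error: reportFailure
      });
    }
  };
})();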
答案 0 :(得分:1)
Django 在处理 POST 请求时要求提供 CSRF 令牌(除非您使用基于令牌的身份验证,但我假设您在这里没有使用),就像您需要在表单提交中包含 {{ csrf_token }} 一样。
有关您需要它的原因以及csrf令牌的目的的更多信息:What is a CSRF token ? What is its importance and how does it work?
因此,对于您的问题,请将 add 下的 ajax 调用更改为如下形式。注意:{{ csrf_token }} 只有在这段脚本由 Django 模板渲染时才会被替换为真实令牌;如果代码位于静态 .js 文件中,它会被原样发送,服务器仍会返回 403。
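// Replacement for the $.ajax call inside tasker.add: the POST now carries
// Django's CSRF token as the `csrfmiddlewaretoken` form field.
//
// NOTE(review): '{{ csrf_token }}' is a Django template tag. It is only
// replaced by a real token when this script is rendered by the Django template
// engine (e.g. inline in a template). In a static .js file the literal text is
// sent and the server keeps answering 403; in that case read the token from
// Django's CSRF cookie (named `csrftoken` by default) and send it in the
// `X-CSRFToken` request header instead.
// NOTE(review): the API key in the query string travels over plain http and is
// visible to anyone who loads the page - treat it as public.
// NOTE(review): the `task` argument of add() is still not sent; only the CSRF
// field is in the body - confirm what the API expects.
$.ajax({
  // Percent-encode the id so it cannot alter the path or query of the URL.
  url: "http://138.49.184.143:3000/tasker/api/" + encodeURIComponent(ownerId) + "?key=f725ebbc9c",
  type: 'POST',
  data: { csrfmiddlewaretoken: '{{ csrf_token }}' }, // added csrf token.
  success: function(task) {
    // Check the response before reading task.due: building the Date first
    // throws a TypeError on an empty response and the error branch never runs.
    if (task) {
      var newTask = {
        onwerId: task.ownderId,
        desc: task.desc,
        due: new Date(task.due),
        color: task.color,
        complete: task.complete,
        id: task.id
      };
      cb(newTask, null);
    } else {
      cb(null, 'error adding your task');
    }
  },
  // Transport-level failures (such as the 403) are only shown to the user;
  // cb is not invoked for them.
  error: function(xhr, status, errorThrown) {
    alert("Sorry, there was a problem! " + errorThrown);
  },
});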