在我的应用程序中,我通过ajax请求将文件发送到django rest api以进行文件上传。我已禁用csrf令牌以便我可以通过app发送请求。问题是任何人都可以发送ajax请求并获得结果
ajax请求:
var formid = document.getElementById('upload');
var url = $('upload').attr( 'action' );
var form = new FormData(formid);
var remark = document.getElementById('remarkt').value;
form.append("remark", remark);
form.append("file", $("#filet")[0].files[0]);
var settings = {
"async": true,
"crossDomain": true,
"url": url,
"method": "POST",
"processData": false,
"contentType": false,
"mimeType": "multipart/form-data",
"data": form
}
$.ajax(settings).done(function (response) {
console.log(response);
});
后端代码:
class FileView(APIView):
parser_classes = (MultiPartParser, FormParser)
def post(self, request, *args, **kwargs):
file_serializer = FileSerializer(data=request.data)
if file_serializer.is_valid():
file_serializer.save()
我该怎么办才能接受来自应用程序的请求?