There is a problem with returning the CSRF token. The frontend uses VueJs. I have a login API:
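import logging

from django.contrib import auth
from rest_framework import status
from rest_framework.permissions import AllowAny
from rest_framework.response import Response
from rest_framework.views import APIView

log = logging.getLogger(__name__)


# User and UserLoginSerializer come from the project's own modules.
class UserLoginAPIView(APIView):
    permission_classes = [AllowAny]
    serializer_class = UserLoginSerializer

    def get(self, request, format=None):
        return Response(status=status.HTTP_200_OK)

    # @ensure_csrf_cookie
    def post(self, request, *args, **kwargs):
        data = request.data
        serializer = UserLoginSerializer(data=data)
        if serializer.is_valid():
            new_data = serializer.data
            user = User.objects.get(**new_data)
            context = {
                'username': user.username,
                'id': user.id,
            }
            # Attach the user to the session, then record the login.
            auth.login(request, user=user)
            log.info("User %s is logged", data['username'])
            return Response(context)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)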
As you can see from the commented-out line, I tried to write it into the session, but it doesn't work. I also tried decorating the URL:
path('login/', ensure_csrf_cookie(UserLoginAPIView.as_view()), name="login"),
Please tell me how to return the csrf token to the frontend and check it? Maybe it somehow needs to be returned in the Response?
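
The client half of Django's cookie-to-header CSRF check, as an added example that is not part of the original post. It assumes Django's default cookie name `csrftoken` and header name `X-CSRFToken`, and that the Vue app and the API share one origin; the function names and sample values are hypothetical.

```javascript
// Added example: Django sets the CSRF token in a cookie; the frontend must
// echo it back in a header on every state-changing request.
// Assumes Django defaults: cookie "csrftoken", header "X-CSRFToken".

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    if (pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Build fetch() options for an API call. The token is attached only to
// unsafe methods aimed at our own origin, so it never reaches another host.
function csrfFetchOptions(method, url, pageOrigin, cookieString, body) {
  const verb = method.toUpperCase();
  const headers = { 'Content-Type': 'application/json' };
  const sameOrigin =
    new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  if (!SAFE_METHODS.has(verb) && sameOrigin) {
    const token = readCookie(cookieString, 'csrftoken');
    if (token === null) {
      // No cookie yet: a GET to a view wrapped in ensure_csrf_cookie
      // (such as login/ above) has to run first.
      throw new Error('csrftoken cookie missing; issue a GET first');
    }
    headers['X-CSRFToken'] = token;
  }
  const options = { method: verb, headers, credentials: 'same-origin' };
  if (body !== undefined) options.body = JSON.stringify(body);
  return options;
}

// Constructed sample: what document.cookie might hold after GET /login/.
const sampleCookies = 'theme=dark; csrftoken=CONSTRUCTEDtoken123; lang=en';
const opts = csrfFetchOptions('post', '/login/', 'https://app.example',
  sampleCookies, { username: 'alice', password: 'constructed' });
console.log(opts.headers['X-CSRFToken']);
```

In the browser, pass `document.cookie` and `window.location.origin` for the cookie string and page origin, then hand the result to `fetch(url, options)`.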