Question

我将React作为正面，而将Django作为背面。 Httprequest失败，提示未设置CSRF Cookie。我遵循了the django docs,我的代码：

data_df['grade'] = data_df['grade'].astype('int')

使用var jQuery = require("jquery"); // using jQuery function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie !== '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) === (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } let header = new Headers({ "X-CSRFToken": getCookie("csrftoken"), "Content-Type": "application/json; charset=utf-8", "Access-Control-Request-Headers": "*", "Access-Control-Allow-Methods": "GET, POST, HEAD, OPTIONS, PUT, DELETE, PATCH" });打印 null ，这使我相信Django并未设置Cookie。

我的中间件看起来像这样：

console.log(getCookie("csrftoken"));

在开发初期，我使用此视图进行测试：

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

这很好用，但是每次用户使用该网站时调用它并不干净。

失败的视图：

@ensure_csrf_cookie
def token(request):
    if request.method == 'GET':
        return HttpResponse(status=204)
    else:
        return HttpResponseNotAllowed(['GET'])

我正在使用其他一些视图，如果我不提供CSRF密钥，它们也会失败。

Answer 1

如评论中所述。我通过我的jquery传递了csrf令牌的值，如下所示。也许您可以尝试相同的方法。

    create procedure SALESLISTv1
    <Initiating the variables>       
    @in_CH3 nvarchar(30),       
    @in_CH4 nvarchar(30),      
    @in_CH5 nvarchar(30),      
    @in_CH6 nvarchar(30),     
    @in_CUSTOMER nvarchar(30),      
    @in_REVIEWBU nvarchar(30),      
    @in_MEASUR nvarchar(30),     
    @in_Material nvarchar(30),      
    @in_Source nvarchar(30),      
    @in_SKU nvarchar(30),      
    @in_MARKET nvarchar(30),      
    @in_BRAND nvarchar(30)    

    AS         
    BEGIN   
     select INTERNAL_BU,    
       sum(Jan2018_CS) as Jan2018_CS,sum(Feb2018_CS) as Feb2018_CS ,sum(Mar2018_CS) as Mar2018_CS,    
       sum(Apr2018_CS) as Apr2018_CS ,sum(May2018_CS) as May2018_CS,sum(Jun2018_CS) as Jun2018_CS,sum(Jul2018_CS) as Jul2018_CS,    
       sum(Aug2018_CS) as Aug2018_CS,sum(Sep2018_CS) as Sep2018_CS,sum(Oct2018_CS) as Oct2018_CS,    
       sum(Nov2018_CS) as Nov2018_CS ,sum(Dec2018_CS) as Dec2018_CS    
       from [dbo].[salescubev1]   
       WHERE  
       CH3=@in_CH3 and CH4=@in_CH4 AND CH5=@in_CH5 AND CH6=@in_CH6 AND CUSTOMER=@in_CUSTOMER AND REVIEW_BU=@in_REVIEWBU AND MEASURE=@in_MEASUR AND MATERIAL=@in_Material AND SOURCE=@in_Source AND SKU=@in_SKU AND MARKET=@in_MARKET AND BRAND=@in_BRAND  
       group by  INTERNAL_BU   
       order by INTERNAL_BU       
     END

设置Django CSRF Cookie

1 个答案:

设置Django CSRF Coo​​kie

1 个答案:

设置Django CSRF Cookie