给出here的Django jQuery修复程序在iPad上不起作用。关于如何使其发挥作用的任何想法?
修复代码:
$(document).ajaxSend(function(event, xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
function sameOrigin(url) {
// url could be relative or scheme relative or absolute
var host = document.location.host; // host + port
var protocol = document.location.protocol;
var sr_origin = '//' + host;
var origin = protocol + sr_origin;
// Allow absolute or scheme relative URLs to same origin
return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
// or any other URL that isn't scheme relative or absolute i.e relative.
!(/^(\/\/|http:|https:).*/.test(url));
}
function safeMethod(method) {
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
});
修改
澄清:
以下是js:
的示例function foo() {
data = {some:"datahere"}
jQuery.ajax({
url: "urlhere",
type: "POST",
data: data,
success: function() {
// do something
},
error: function() {
alert("Could not send ajax request with POST");
}
})
}
在常规浏览器中,永远不会调用错误函数,但是在iPad上我总是会收到警报(至少在iOS sim中)。当我看到django日志时,我看到这些请求是用代码403返回的。如果添加@csrf_exempt
装饰器,一切都可以在iPad上运行,所以我很确定它是csrf失败的。
答案 0 :(得分:0)
iPad由于某些原因并不总是获得CSRF cookie的价值,因此jQuery csrf修复无效,因为它无法读取cookie的值。
解决方案是确保将cookie发送到客户端,并在视图上使用ensure_csrf_cookie
装饰器与需要csrf的客户端进行交互。
示例:
# models.py
from django.views.decorators.csrf import csrf_protect, csrf_exempt, requires_csrf_token, ensure_csrf_cookie
@ensure_csrf_cookie
def fooview(request):
# do something here
pass