Django Ajax POST請求
Django 中自帶了防止CSRF攻擊的功能,所以在表單或者Ajax發送POST的請求的時候,如果沒有帶有
csrf_token,請求會被拒絕
設置django表單提交
GET請求不需要csrf認證,POST請求需要認證才能得到正確的結果。一般在POST表單中加入
{% csrf_token%}<form method="POST" action="/post-url/">
{% csrf_token %}
<input name='zqxt' value="">
<button type='submit'>提交</button>
</form>設置Ajax POST 提交
模板中<script>標籤寫法
<script type="text/javascript">
$.ajaxSetup({
data: {csrfmiddlewaretoken: '{{ csrf_token }}' }
});
</script>在模板裏的<script>標籤中直接加上如上的代碼,然後ajax post請求就跟之前一樣使用即可
引入js寫法,引入csrf.js
js代碼如下
/*====================django ajax ======*/
jQuery(document).ajaxSend(function(event, xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
function sameOrigin(url) {
// url could be relative or scheme relative or absolute
var host = document.location.host; // host + port
var protocol = document.location.protocol;
var sr_origin = '//' + host;
var origin = protocol + sr_origin;
// Allow absolute or scheme relative URLs to same origin
return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
// or any other URL that isn't scheme relative or absolute i.e relative.
!(/^(\/\/|http:|https:).*/.test(url));
}
function safeMethod(method) {
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
});
/*===============================django ajax end===*/也可以
在views.py裏面添加from django.views.decorators.csrf import csrf_exempt
在你ajax要用到的方法前面加一個@csrf_exempt
項目案例:
模板HTML
<h1>Django ajax POST 方法測試</h1>
<input id="ajaxTest" value=""><button id="send">ajax測試POST</button><br>
測試結果:<h4 style="color: red" id="result"></h4>
csrf_token:{{ csrf_token }}模板js
需要引入jquery
<script type="text/javascript">
$.ajaxSetup({
data: {csrfmiddlewaretoken: '{{ csrf_token }}' }
});
$('#send').click(function () {
$.ajax({
type:'POST',
url:'/testAjax',
data: {'test':$('#ajaxTest').val()},
success: function (data) {
if(data.state = 1){
$('#result').text("POST請求成功!返回值爲:"+data.info);
}
console.log(data)
}
})
});
</script>url.py
from language import views as language_views
url(r'^testAjax', language_views.test_ajax)views.py
from django.http import JsonResponse
def test_ajax(request):
result = {}
if request.POST:
result['state'] = 1
result['info'] = request.POST.get('test')
return JsonResponse(result)或者註釋掉settings裏的一箇中間件:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware', # 這個中間件註釋掉
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]效果:
