這裏就不多囉嗦csrf的作用,網上文獻很多,只列舉一種通過js訪問Django所遇見的csrf 403異常
由於傳參的方式,後端會進行不同的解析方式,切記要用下面的傳參方式,參見傳參方式
前端js代碼
/**
 * Look up a single cookie by name in document.cookie.
 *
 * @param {string} name - cookie name to look for (matched exactly, followed by '=').
 * @returns {string|null} the URI-decoded cookie value, or null when document.cookie
 *   is empty or holds no cookie of that name.
 */
function getCookie(name) {
  const raw = document.cookie;
  if (!raw) {
    return null;
  }
  // Match "name=" at the start of the trimmed entry so that a cookie whose name
  // merely ends with `name` (e.g. "csrftoken" vs "token") is not picked up.
  const prefix = `${name}=`;
  for (const part of raw.split(';')) {
    const entry = part.trim();
    if (entry.startsWith(prefix)) {
      return decodeURIComponent(entry.slice(prefix.length));
    }
  }
  return null;
}
// Read Django's CSRF token from the "csrftoken" cookie once, when the script loads.
// getCookie() yields null when that cookie is absent, so the value must be present
// before createCustomer() is called.
var csrftoken = getCookie('csrftoken');
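/**
 * POST the cardholder's email and payment method to the Django `/create-customer/`
 * view and hand the parsed JSON response to handleSubscription.
 *
 * The CSRF token travels as the `csrfmiddlewaretoken` form field, which is what
 * Django's CSRF middleware reads from a form body. The body is a FormData instance,
 * so no Content-Type header is set by hand: the browser supplies the multipart
 * boundary itself, and a hand-written header would break that.
 *
 * @param {string} paymentMethod - payment method identifier forwarded to the server.
 * @param {string} cardholderEmail - email address forwarded to the server.
 * @returns {Promise<any>} the parsed JSON response, after handleSubscription has run.
 * @throws {Error} when the "csrftoken" cookie is missing, or when the server answers
 *   with a non-2xx status (a 403 here is typically a failed CSRF check).
 */
async function createCustomer(paymentMethod, cardholderEmail) {
  // A missing cookie would otherwise be appended as the literal string "null" and
  // fail the CSRF check with an opaque 403; fail early with a readable message.
  if (csrftoken == null) {
    throw new Error('CSRF cookie "csrftoken" not found; cannot submit the form');
  }

  const formData = new FormData();
  formData.append('email', cardholderEmail);
  formData.append('payment_method', paymentMethod);
  formData.append('csrfmiddlewaretoken', csrftoken);

  const response = await fetch('/create-customer/', {
    method: 'POST',
    body: formData,
    mode: 'cors',
    cache: 'default',
    credentials: 'include', // send the session and CSRF cookies with the request
  });

  // Django renders a failed CSRF check as an HTML 403 page; parsing that as JSON
  // would surface a SyntaxError and hide the real cause.
  if (!response.ok) {
    throw new Error(`create-customer request failed with HTTP ${response.status}`);
  }

  const subscription = await response.json();
  handleSubscription(subscription);
  return subscription;
}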