django csrf 在生产服务器上失败
我在我的开发服务器上工作没有问题,当我在我的生产服务器中尝试它时,以真实姓名,而不是本地主机或IP,我得到:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF cookie not set.
我通过jquery发送我的帖子,使用javascript修复发布方法和所有...
不知道还能做什么...有人可以帮我吗?
多谢!
I was working on my development server without problems, when I tried it in my production server, in a real name, not localhost nor ip, I got:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF cookie not set.
I'm sending my post via jquery, used the javascript fix to post method and all...
Dunno what else to do... could anyone give me a hand?
Thanks a lot!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
未设置 cookie 通常意味着您没有 添加csrf中间件。将其添加到生产部署的相关设置模块中。您还需要确保接收视图在通过 JavaScript 使用时能够正常工作。
你有两个选择。将服务器上的视图标记为
csrf_exempt或者您需要在请求中包含 csrf 令牌。 csrf 令牌可用于任何模板,如{% csrf_token %}。我会做后者。要在请求中包含 csrf 令牌,您只需将其作为 POST 变量
csrf_token传递。您可以在模板中包含这样的片段:无论您在何处发出请求,只需将
"csrf_token": csrf_token,添加到发布数据即可。That the cookie is not set usually means you didn't add the csrf middleware. Add that in the relevant settings module for your production deployment. You will also need to make sure the receiving view works when used via javascript.
You have two options. Either mark the view on the server as
csrf_exemptor you need to include a csrf token with your request. The csrf token is available to any template as{% csrf_token %}. I would do the latter.To include the csrf token in your request you just need to pass it as a POST variable
csrf_token. You can just have a snippet in a template like this one:And wherever you are making a request, just add
"csrf_token": csrf_token,to the post data.