2017-03-03 126 views
0

Django CSRF token missing

I have the following function in my custom.js file:

function contactTraxio(fullname, telephone, email) {
    // Default missing arguments to null
    if (typeof fullname === 'undefined') fullname = null;
    if (typeof telephone === 'undefined') telephone = null;
    if (typeof email === 'undefined') email = null;
    bootbox.dialog({
        title: "Limit reached",
        message: '<p class="text-main text-center">You have reached the limit of your calculations.</p>' +
            '<p class="pad-btm mar-btm text-center">Upgrade your account by contacting us on +32 9 111 12 12 or filling in the form below.</p>' +
            '<div class="row"> ' +
                '<div class="col-md-12"> ' +
                    '<form class="" method="POST"> ' +
                        '<div class="form-group"> ' +
                            '<div class="col-md-6" style="padding-left: 0"> ' +
                                '<input id="contact-fullname" name="fullname" type="text" placeholder="Your fullname" class="form-control input-md" value="' + fullname + '"> ' +
                                '<span class="help-block"><small></small></span> ' +
                            '</div> ' +
                            '<div class="col-md-6" style="padding-right: 0"> ' +
                                '<input id="contact-telephone" name="telephone" type="text" placeholder="Telephone" class="form-control input-md" value="' + telephone + '"> ' +
                                '<span class="help-block"><small></small></span> ' +
                            '</div> ' +
                            '<div class="col-md-12 pad-no-lr-md" style="margin-top: 7.5px;"> ' +
                                '<input id="contact-email" name="email" type="text" placeholder="Your email address" class="form-control input-md" value="' + email + '"> ' +
                                '<span class="help-block"><small></small></span> ' +
                            '</div> ' +
                        '</div>' +
                    '</form> ' +
                '</div>' +
            '</div>',
        buttons: {
            success: {
                label: "Send",
                className: "btn-primary",
                callback: function() {
                    // POST the form fields to the Django view
                    $.ajax({
                        type: 'POST',
                        url: '/master/contact_traxio/',
                        data: {
                            fullname: $('#contact-fullname').val(),
                            telephone: $('#contact-telephone').val(),
                            email: $('#contact-email').val(),
                            csrfmiddlewaretoken: '{{ csrf_token }}'
                        },
                        success: function (data) {
                            debugger;
                        }
                    });
                }
            }
        }
    });
}

So I have a contact form in JS. I'm trying to send the form data to a Django view with ajax.

I have added csrfmiddlewaretoken: '{{ csrf_token }}' to the data, but for some reason I get an error:

Forbidden (CSRF token missing or incorrect.): /master/contact_traxio/ 
[03/Mar/2017 08:52:46] "POST /master/contact_traxio/ HTTP/1.1" 403 2502 

The contact_traxio view is as follows:

from django.contrib.auth.decorators import login_required
from django.http import HttpResponse, HttpResponseBadRequest

@login_required
def contact_traxio(request):
    if request.method == 'POST':
        # Just test
        return HttpResponse('{}/{}/{}'.format(request.POST['fullname'], request.POST['telephone'], request.POST['email']))
    else:
        return HttpResponseBadRequest("Sorry. Something went wrong.")

And the Django template from which I call the contactTraxio function is as follows:

{% block page_content %}
    <script>
        $(document).ready(function() {
            var fullname = '{{ user.user.first_name }} {{ user.user.last_name }}';
            contactTraxio(fullname, '{{ user.telephone }}', '{{ user.user.email }}')
        })
    </script>
{% endblock %}

Why isn't my CSRF token being sent?

Any suggestions?

Answers

2

You're using Django template syntax in an external JS file. That can't work, because Django doesn't parse those files.

The documentation shows exactly what you need to do to access the token from your JS; you should follow it.
