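I want to return a value from a Django view function. The function is called from JavaScript code using Ajax, but I get the error 'Forbidden (CSRF token missing or incorrect)'. Why am I getting the 'CSRF token missing or incorrect' error?
The HTML code looks like this: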
```html
<div align="center" class="input-line">
  <form class="input-form" method="post">{% csrf_token %}
    <input type="text" id="ans" class="form-control" name="address" placeholder="Type postcode..."><br><br>
    <button id="homeBtn" class="btn btn-primary">Find info</button><br><br>
  </form>
</div>
```
The view function is:
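```python
from django.http import HttpResponse

def result(request):
    # Django's CSRF middleware checks the token before this view runs
    if request.method == 'POST':
        # POST form fields are in request.POST (request.form is not a Django attribute)
        param = request.POST['my data']
        this = runAreaReview(param)  # This returns a string
        return HttpResponse(this)
```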
I suggest reading up on [Cross-Site Request Forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery), particularly the "Cookie-to-Header Token" method of protecting against it. – Quietust
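
The cookie-to-header approach mentioned in the comment, sketched for the Ajax side as an added example that is not part of the original thread. It assumes Django's default cookie name `csrftoken` and header name `X-CSRFToken`; the helper names, the `/result/` URL and the sample values are hypothetical.

```javascript
// Added example: assumes Django's default names (cookie "csrftoken",
// header "X-CSRFToken"). Helper names and the URL are hypothetical.

// Return the value of one cookie from a "k=v; k2=v2" string, or null.
function getCookie(name, cookieString) {
  for (const part of cookieString.split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    // Compare the whole name so "xcsrftoken" never matches "csrftoken".
    if (eq > 0 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Django does not check CSRF on these methods, so no token is needed.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Build fetch() arguments; the token is attached only for unsafe methods
// sent to the page's own origin, so it is never sent to another site.
function buildRequest(url, method, data, pageOrigin, cookieString) {
  const target = new URL(url, pageOrigin);
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const sameOrigin = target.origin === new URL(pageOrigin).origin;
  if (!csrfSafeMethod(method) && sameOrigin) {
    const token = getCookie('csrftoken', cookieString);
    if (token === null) {
      throw new Error('csrftoken cookie not set; render {% csrf_token %} first');
    }
    headers['X-CSRFToken'] = token;
  }
  const options = { method, headers, credentials: 'same-origin' };
  if (!csrfSafeMethod(method)) {
    // URL-encoded body so the view can read the field from request.POST.
    options.body = new URLSearchParams(data).toString();
  }
  return { url: target.href, options };
}

// In the browser:
//   const r = buildRequest('/result/', 'POST', { 'my data': value },
//                          location.origin, document.cookie);
//   fetch(r.url, r.options).then((resp) => resp.text());
```

If `CSRF_COOKIE_HTTPONLY` is enabled, JavaScript cannot read the cookie and the token has to be taken from the hidden `csrfmiddlewaretoken` input that `{% csrf_token %}` renders instead.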