我收到“CSRF 失败:CSRF token 丢失或不正确。”从我的本地主机向 django api 发出 POST 请求时出错。
我在 Angular2 上的服务:
public login(user: any){
const body = JSON.stringify(user);
const headers = new Headers();
headers.append('Content-Type', 'application/json');
return this.http.post("http://127.0.0.1:8000/auth_api/login/", body, {
headers: headers
})
.map((data: Response) => data.json())
}
我在 Django 上的设置:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'corsheaders',
'scrumboard',
'auth_api'
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
我的登录 View API:
class LoginView(views.APIView):
@csrf_exempt
def post(self, request):
user = authenticate(
username=request.data.get("username"),
password=request.data.get("password"))
if user is None or not user.is_active:
return Response({
'status': 'Unauthorized',
'message': 'Email or password incorrect'
}, status=status.HTTP_401_UNAUTHORIZED)
login(request, user)
return Response(UserSerializer(user).data)
最后是我的 login.component.html,我将用户名和密码发送到登录功能:
<div class="card-block">
<h1>Login</h1>
<p class="text-muted">Sign In to your account</p>
<form [formGroup]="myForm" (ngSubmit)="onSignin(username.value, password.value)">
<div class="input-group mb-1">
<span class="input-group-addon"><i class="icon-user"></i></span>
<input formControlName="username" type="text" id="username" class="form-control" placeholder="username" #username>
</div>
<div class="input-group mb-2">
<span class="input-group-addon"><i class="icon-lock"></i></span>
<input formControlName="password" type="password" class="form-control" placeholder="Password" #password>
</div>
<div class="row">
<div class="col-6">
<button type="submit" [disabled]="!myForm.valid" class="btn btn-primary px-2">Login</button>
</div>
</div>
</form>
</div>
我在这里错过了什么?
最佳答案
如果您尚未与 API 服务器交互,则您可能在登录时未设置 CSRF token 。
您想修饰您的 post 方法,使其不需要 token ,然后仅检查 token 以响应其他实际返回数据的后续 POST 请求...
从 django.views.decorators.csrf 导入 csrf_exempt
@method_decorator(csrf_exempt, name='dispatch')
登录 View 类(views.APIView):
def post( self ,请求):
...
关于django - CSRF token 丢失或不正确。 Django + Angular 2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49546222/