I have commented out the csrf processor and middleware lines in settings.py:

    TEMPLATE_CONTEXT_PROCESSORS = (
        'django.contrib.auth.context_processors.auth',
        # 'django.core.context_processors.csrf',
        'django.core.context_processors.request',
        'django.core.context_processors.static',
        'cyathea.processors.static',
    )

    MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        # 'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.locale.LocaleMiddleware',
        # Uncomment the next line for simple clickjacking protection:
        # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
    )

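But when I send a request using Ajax, Django still responds 'csrf token is incorrect or missing', and after adding X-CSRFToken to the headers, the request succeeds.
What is going on here?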
Sal*_*lab 205
If you just need some views that do not use CSRF, you can use @csrf_exempt:

    from django.http import HttpResponse
    from django.views.decorators.csrf import csrf_exempt

    # CSRF validation is skipped for this view only.
    @csrf_exempt
    def my_view(request):
        return HttpResponse('Hello world')

You can find more examples and other scenarios here:
小智 32
To disable CSRF for class-based views, the following worked for me.
Using django 1.10 and python 3.5.2
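
    from django.http import HttpResponse
    from django.views import View
    from django.views.decorators.csrf import csrf_exempt
    from django.utils.decorators import method_decorator

    # Decorating dispatch exempts every HTTP method of this view.
    @method_decorator(csrf_exempt, name='dispatch')
    class TestView(View):
        def post(self, request, *args, **kwargs):
            return HttpResponse('Hello world')
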
小智 15
In setting.py, in MIDDLEWARE, you can simply remove/comment out this line:

    'django.middleware.csrf.CsrfViewMiddleware',

Fra*_*ant 12
For Django 2:

    from django.utils.deprecation import MiddlewareMixin

    class DisableCSRF(MiddlewareMixin):
        def process_request(self, request):
            setattr(request, '_dont_enforce_csrf_checks', True)

This middleware must be added to settings.MIDDLEWARE when appropriate (in your test settings, for example).
Note: the setting is no longer called MIDDLEWARE_CLASSES.
nar*_*ren 11
The answer might be inappropriate, but I hope it helps you

    from django.conf import settings

    class DisableCSRFOnDebug(object):
        def process_request(self, request):
            # Only skip CSRF enforcement when DEBUG is on.
            if settings.DEBUG:
                setattr(request, '_dont_enforce_csrf_checks', True)

Having middleware like this helps to debug requests and to check csrf on production servers.
小智 7
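The problem here is that SessionAuthentication performs its own CSRF validation. That is why you get the CSRF missing error even when the CSRF middleware is commented out. You could add @csrf_exempt to every view, but if you want to disable CSRF and have session authentication for the whole app, you can add an extra middleware like this: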

    class DisableCSRFMiddleware(object):

        def __init__(self, get_response):
            self.get_response = get_response

        def __call__(self, request):
            setattr(request, '_dont_enforce_csrf_checks', True)
            response = self.get_response(request)
            return response

I created this class in myapp/middle.py and then imported this middleware into MIDDLEWARE in settings.py.

    MIDDLEWARE = [
        'django.middleware.common.CommonMiddleware',
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        #'django.middleware.csrf.CsrfViewMiddleware',
        'myapp.middle.DisableCSRFMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]

Works with DRF on Django 1.11
If you want to disable it globally, you can write a custom middleware like this

    from django.utils.deprecation import MiddlewareMixin

    class DisableCsrfCheck(MiddlewareMixin):

        def process_request(self, req):
            attr = '_dont_enforce_csrf_checks'
            if not getattr(req, attr, False):
                setattr(req, attr, True)

Then add this class youappname.middlewarefilename.DisableCsrfCheck to the MIDDLEWARE_CLASSES list django.middleware.csrf.CsrfViewMiddleware
I solved this problem with the following two steps:
Add this class to the file utils.py:

    from django.utils.deprecation import MiddlewareMixin
    from <your-project-name> import settings

    class DisableCSRF(MiddlewareMixin):
        def process_request(self, request):
            if settings.DEBUG:
                setattr(request, '_dont_enforce_csrf_checks', True)

And in the settings.py file, add the above middleware to the MIDDLEWARE list:

    ...
    MIDDLEWARE = [
        ...
        'django.middleware.csrf.CsrfViewMiddleware',
        ...
        '<path-of-utils.py>.utils.DisableCSRF',
    ]
    ...

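Added example (not from any of the posts above and not Django's own code): every answer on this page switches CSRF enforcement off with either csrf_exempt or the _dont_enforce_csrf_checks request flag, so a reviewer may want to list every place a code base does that. The scan below uses Python's ast module; the function names and the sample source are constructed for illustration.

```python
import ast

FLAG = '_dont_enforce_csrf_checks'

# Constructed sample combining the bypass patterns from the answers above.
SAMPLE = '''
@csrf_exempt
def my_view(request):
    return None

@method_decorator(csrf_exempt, name='dispatch')
class TestView:
    def post(self, request):
        return None

class DisableCSRF:
    def process_request(self, request):
        setattr(request, '_dont_enforce_csrf_checks', True)
'''


def _uses_csrf_exempt(decorator):
    """True if the decorator expression references csrf_exempt anywhere."""
    return any(
        'csrf_exempt' in (getattr(n, 'id', None), getattr(n, 'attr', None))
        for n in ast.walk(decorator)
    )


def find_csrf_bypasses(source):
    """Return sorted (line, kind, name) tuples for every bypass in the source."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            found += [(d.lineno, 'csrf_exempt', node.name)
                      for d in node.decorator_list if _uses_csrf_exempt(d)]
        elif isinstance(node, ast.Call) and getattr(node.func, 'id', '') == 'setattr':
            # setattr(request, '_dont_enforce_csrf_checks', True)
            if len(node.args) == 3 and getattr(node.args[1], 'value', None) == FLAG:
                found.append((node.lineno, 'flag_set', FLAG))
        elif isinstance(node, ast.Assign):
            # request._dont_enforce_csrf_checks = True
            if any(getattr(t, 'attr', None) == FLAG for t in node.targets):
                found.append((node.lineno, 'flag_set', FLAG))
    return sorted(found)


if __name__ == '__main__':
    print(*find_csrf_bypasses(SAMPLE), sep='\n')
```

The scan only sees Python code that parses; a CsrfViewMiddleware entry that has been removed or commented out of MIDDLEWARE has to be checked against the settings file separately.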