angular,django和csrf

Question

来自http://docs.angularjs.org/api/ng.$ http,它说我们应该设置默认标头以包含令牌,所以我跟着它.

我的代码就是这样的

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
    config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
        $routeProvider.
            when('/', {
                templateUrl: '/partials/home.html',
                controller: HomeCtrl
            }).
            when('/game/:gameId/shortlist/create',{
                templateUrl: '/partials/create-shortlist.html',
                controller: CreateShortlistCtrl
            }).
            otherwise({redirectTo: '/'});
    }]);

myapp.run(function($rootScope, $http, $cookies, $httpProvider){
    $http.get('/api/get-current-user').success(function(data){
        $rootScope.current_user = data;
        $rootScope.current_team = $rootScope.current_user.team;
    });
    $http.get('/api/get-current-season').success(function(data){
        $rootScope.current_season = data;
    });
    $rootScope.csrf_token = $cookies.csrftoken;
    console.log($httpProvider.defaults.headers.common);
    //$httpProvider.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
});

正如您所看到的,我已经应用了多种方法,但无法使用csrf标记设置标头.我遇到的两个错误是

未捕获错误:未知提供者:$ httpProviderProvider < - $ httpProvider

我究竟做错了什么？

Answer 1

如果您使用AngularJS 1.1.3或更新版本,您可以使用xsrfHeaderName和xsrfCookieName:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
  config(['$routeProvider', function($routeProvider, $httpProvider, $cookies){
    $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken';
    $httpProvider.defaults.xsrfCookieName = 'csrftoken';
    ...

请参阅1.1.3文档中的$ location.

Answer 2

您只能$httpProvider在config-method中使用.但问题是你不能$cookies在config-method中使用.只有$cookiesProvider支持.在模块加载和依赖关系部分中描述了(有点).

你可以做的是按照angularjs.org文档中的建议在运行时设置标题

因此,为了使您的示例有效,您可以执行以下操作:

var myapp = angular.module('myapp', ['ngCookies', 'ui.bootstrap']).
    config(['$routeProvider', function($routeProvider){
        $routeProvider.
            when('/', {
                templateUrl: '/partials/home.html',
                controller: HomeCtrl
            }).
            when('/game/:gameId/shortlist/create',{
                templateUrl: '/partials/create-shortlist.html',
                controller: CreateShortlistCtrl
            }).
            otherwise({redirectTo: '/'});
    }]);

myapp.run(function($rootScope, $http, $cookies){
    // set the CSRF token here
    $http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;

    $http.get('/api/get-current-user').success(function(data){
        $rootScope.current_user = data;
        $rootScope.current_team = $rootScope.current_user.team;
    });
    $http.get('/api/get-current-season').success(function(data){
        $rootScope.current_season = data;
    });
});

并且不要忘记将angular-cookies.js文件包含在html文件中!