ren*_*zop 7 debugging csrf locust
我不想用locust.io来测试我的django web应用程序.在ha形式中,我遇到了使用CSRF令牌保护的问题.我做以下事情:
class WebsiteTasks(TaskSet):
def on_start(self):
print("On start")
@task
def post_answer(self):
self.client.get("/polls/2/vote")
self.client.post("/polls/2/vote/", {"choice": "8"})
为什么我会收到403错误?该帖子被fobidden,蝗虫文档说客户端对象保持会话活着..
sax*_*sax 16
将您的代码更改为:
@task
def post_answer(self):
response = self.client.get("/polls/2/vote")
csrftoken = response.cookies['csrftoken']
self.client.post("/polls/2/vote/",
{"choice": "8"},
headers={"X-CSRFToken": csrftoken})
我在针对 Django 1.8.5 运行 Locust 测试时遇到了这个问题,它需要将 csrf 令牌添加到 cookie、标头和表单 POST 数据中,如下所示,以免被 403 赶上。例如:
@task
def post_answer(self):
response = self.client.get("/polls/2/vote")
csrftoken = response.cookies['csrftoken']
self.client.post("/polls/2/vote/", {"choice": "8",
"csrfmiddlewaretoken": csrftoken},
headers={"X-CSRFToken": csrftoken},
cookies={"csrftoken": csrftoken})