Ter*_*rry 5 python django http-post http-status-code-403
我正在尝试设置Django API(POST API端点).我希望有相同的URL路径指向同一个处理不同的函数,因为它是POST或GET.因此,我使用了这样的方法
def handle_post(request):
dict = {}
dict['email'] = "test"
if request.method == "POST":
return HttpResponse(json.dumps(dict), content_type="application/json")
在url.py中,我有以下代码
router = routers.DefaultRouter()
router.register(r'notes', UsernotesViewSet)
urlpatterns = patterns('',
url(r'^', include(router.urls)),
url(r'^admin/', include(admin_site.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')),
url(r'^docs/', include('rest_framework_swagger.urls')),
url(r'^example/postrequest', handle_post),
)
但是当我在URL http://127.0.0.1:8000/example/postrequest?requestid=abc&starthour=10上执行POST时,我无法完成这项工作 .我没有发布任何内容,只是在httpclient上将方法从GET更改为POST以尝试此API.如果我没有将任何内容发布到URL,这样可以吗?
我收到403错误,如下所示:
禁止(403)
CSRF验证失败.请求中止.
您看到此消息是因为此站点在提交表单时需要CSRF cookie.出于安全原因,需要此cookie,以确保您的浏览器不会被第三方劫持.如果您已将浏览器配置为禁用cookie,请重新启用它们,至少对于此站点或"同源"请求.
感谢任何帮助.
小智 9
I could not understand your question correctly, but CSRF verification failure is caused when "requests via 'unsafe’ methods, such as POST, PUT and DELETE" are performed without using recommended defense settings against CSRF (Cross Site Request Forgeries).
You can read more on this link.
There is a quick work-around to problem. You can use csrf_exempt decorator to mark a view as being exempt from the protection ensured by the CSRF View Middleware (django.middleware.csrf.CsrfViewMiddleware). Example:
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
@csrf_exempt
def my_view(request):
return HttpResponse('Hello world')
You can read more about is here.
| 归档时间: |
|
| 查看次数: |
7370 次 |
| 最近记录: |