Django Rest Framework - 删除问题 - 未找到 CSRF

Rad*_*arc 5 django django-csrf django-rest-framework

我正在将 Django Rest Framework 与 CSRF 结合使用。POST和PUT方法按预期工作，但DELETE给出错误 403 - 以下消息“{"detail":"CSRF Failed: CSRF token missing or incorrect."}.

看来前端应用程序（Angular）正在执行正确的POST请求PUT。我没有遇到任何与CSRFNor相关的问题CORS。

例子：

删除请求：

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,pl;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Cookie: _ga=GA1.1.1418236812.1564012825; _gid=GA1.1.747517255.1564126213; sessionid=zho7t6c8vbot46uuwka8ufh53pkanein; _gat_gtag_UA_127399308_1=1; 
X-XSRF-TOKEN=hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Host: 127.0.0.1:4200
http-x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Origin: http://127.0.0.1:4200
Pragma: no-cache
Referer: http://127.0.0.1:4200/cost_center/form/e503dbfd-8eae-49e4-becc-4aa60016b996
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp

Run Code Online (Sandbox Code Playgroud)

删除响应标头：

HTTP/1.1 403 Forbidden
X-Powered-By: Express
access-control-allow-origin: http://127.0.0.1:4200
date: Sun, 28 Jul 2019 14:36:12 GMT
server: WSGIServer/0.2 CPython/3.7.3
content-type: application/json
vary: Accept, Origin, Cookie
allow: GET, PUT, DELETE, HEAD, OPTIONS
x-frame-options: SAMEORIGIN
content-length: 58
access-control-allow-credentials: true
connection: keep-alive

Run Code Online (Sandbox Code Playgroud)

删除响应：

Request URL: http://127.0.0.1:4200/api/cost_center/e503dbfd-8eae-49e4-becc-4aa60016b996
Request Method: DELETE
Status Code: **403 Forbidden**
Remote Address: 127.0.0.1:4200

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

Run Code Online (Sandbox Code Playgroud)

然后，当我执行“PUT”请求时，它的执行不会出现任何问题：

放置请求：

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,pl;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 82
Content-Type: application/json
Cookie: _ga=GA1.1.1418236812.1564012825; _gid=GA1.1.747517255.1564126213; sessionid=zho7t6c8vbot46uuwka8ufh53pkanein; X-XSRF-TOKEN=hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Host: 127.0.0.1:4200
http-x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Origin: http://127.0.0.1:4200
Pragma: no-cache
Referer: http://127.0.0.1:4200/cost_center/form/e503dbfd-8eae-49e4-becc-4aa60016b996
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp

Run Code Online (Sandbox Code Playgroud)

PUT 响应标头：

access-control-allow-credentials: true
access-control-allow-origin: http://127.0.0.1:4200
allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
connection: keep-alive
content-length: 196
content-type: application/json
date: Sun, 28 Jul 2019 14:51:41 GMT
server: WSGIServer/0.2 CPython/3.7.3
vary: Accept, Origin, Cookie
x-frame-options: SAMEORIGIN
X-Powered-By: Express

Run Code Online (Sandbox Code Playgroud)

放置响应：

Request URL: http://127.0.0.1:4200/api/cost_center/e503dbfd-8eae-49e4-becc-4aa60016b996
Request Method: PUT
Status Code: **200 OK**
Remote Address: 127.0.0.1:4200
Referrer Policy: no-referrer-when-downgrade

Run Code Online (Sandbox Code Playgroud)

您可以看到 DELETE 和 PUT 中使用了相同的令牌，但由于某些原因，只有 PUT 按预期工作。

对于 POST 来说它也工作正常。再说一遍，我只遇到删除问题。

非常感谢您的帮助。

urls.py 文件：

Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,pl;q=0.8
Cache-Control: no-cache
Connection: keep-alive
Cookie: _ga=GA1.1.1418236812.1564012825; _gid=GA1.1.747517255.1564126213; sessionid=zho7t6c8vbot46uuwka8ufh53pkanein; _gat_gtag_UA_127399308_1=1; 
X-XSRF-TOKEN=hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Host: 127.0.0.1:4200
http-x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp
Origin: http://127.0.0.1:4200
Pragma: no-cache
Referer: http://127.0.0.1:4200/cost_center/form/e503dbfd-8eae-49e4-becc-4aa60016b996
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36
x-csrftoken: hapGqQ09lXlVX7MORRsTfvkEkE79AddcSGI84RdYJEqqjFDF4wXsK4jdKPYpQzIp

Run Code Online (Sandbox Code Playgroud)

视图.py 文件：

HTTP/1.1 403 Forbidden
X-Powered-By: Express
access-control-allow-origin: http://127.0.0.1:4200
date: Sun, 28 Jul 2019 14:36:12 GMT
server: WSGIServer/0.2 CPython/3.7.3
content-type: application/json
vary: Accept, Origin, Cookie
allow: GET, PUT, DELETE, HEAD, OPTIONS
x-frame-options: SAMEORIGIN
content-length: 58
access-control-allow-credentials: true
connection: keep-alive

Run Code Online (Sandbox Code Playgroud)

我期望 POST、PUT 和 DELETE 的工作方式与正确使用 CSRF 的方式相同。

归档时间：	6 年，3 月前
查看次数：	406 次
最近记录：	6 年，3 月前