Django REST framework - authentication error on PUT requests

nac*_*oab 2 django backbone.js django-rest-framework

For my model 'Presentacion', I have a very simple resource

class PresentacionResource(ModelResource):
    model = Presentacion
    fields = (some fields)
    ignore_fields = (few to ignore)

I need to implement authentication for this, so, as I read, I created two wrappers

class AuthListOrCreateModelView(ListOrCreateModelView):
    permissions = (IsAuthenticated, )
class AuthInstanceModelView(InstanceModelView):
    permissions = (IsAuthenticated, )

Then in my urls.py

url(r'^presentaciones/$', AuthListOrCreateModelView.as_view(resource=PresentacionResource), name='presentacion-root'),
url(r'^presentaciones/(?P<id>[0-9]+)$', AuthInstanceModelView.as_view(resource=PresentacionResource), name='presentacion'),

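This works fine for GET 'presentaciones/' requests, but when I try to make a PUT request, I get a 403 FORBIDDEN

What is weird to me is that GET works fine: as long as I am logged in, it responds correctly, but if I log out it responds with 403 FORBIDDEN.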

jmk*_*142 9

If the problem is the X-CSRF token header, you can modify Backbone.sync like this, so that the token is sent with every POST, PUT, DELETE request.

        /* alias away the sync method */
        Backbone._sync = Backbone.sync;

        /* define a new sync method */
        Backbone.sync = function(method, model, options) {

            /* only need a token for non-get requests */
            if (method == 'create' || method == 'update' || method == 'delete') {
                // CSRF token value is in an embedded meta tag 
                var csrfToken = $("meta[name='csrf_token']").attr('content');

                options.beforeSend = function(xhr){
                    xhr.setRequestHeader('X-CSRFToken', csrfToken);
                };
            }

            /* proxy the call to the old sync method */
            return Backbone._sync(method, model, options);
        };
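
A variant of the wrapper above that reads the token from Django's `csrftoken` cookie, keeps any `beforeSend` hook the caller already set, and attaches the header only when the request goes to the page's own origin. This is an added example, not part of the original answer; `makeCsrfSync`, `readCookie` and `isSameOrigin` are hypothetical names, and the cookie name assumes Django's default `CSRF_COOKIE_NAME`.

```javascript
// Added example (not from the original answer); helper names are hypothetical.
// Backbone methods that map to unsafe HTTP verbs (POST, PUT, PATCH, DELETE).
const UNSAFE = new Set(['create', 'update', 'patch', 'delete']);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// True when url (absolute, relative or protocol-relative) resolves to pageOrigin.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign and send no token
  }
}

// Build a replacement for Backbone.sync. getCookies and pageOrigin are
// injected (an assumption of this example) so the logic runs outside a browser.
function makeCsrfSync(originalSync, getCookies, pageOrigin) {
  return function (method, model, options) {
    options = options || {};
    const url = options.url ||
      (typeof model.url === 'function' ? model.url() : model.url);
    const token = readCookie(getCookies(), 'csrftoken'); // Django default name
    if (UNSAFE.has(method) && token && isSameOrigin(url, pageOrigin)) {
      const previous = options.beforeSend; // keep any caller-supplied hook
      options.beforeSend = function (xhr, settings) {
        xhr.setRequestHeader('X-CSRFToken', token);
        if (previous) return previous.call(this, xhr, settings);
      };
    }
    return originalSync.call(this, method, model, options);
  };
}

// Browser wiring (assumes Backbone and document are globals on the page):
// Backbone.sync = makeCsrfSync(Backbone.sync, () => document.cookie, location.origin);
```

If the Django project sets `CSRF_COOKIE_HTTPONLY` or `CSRF_USE_SESSIONS`, the cookie is not readable from JavaScript and the token has to come from the page markup, as in the meta-tag approach above.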