开发者

Django Ajax "FORBIDDEN" error

问答 作者:

I've seen instances where people are getting forbidden errors while attempting to make remote Ajax requests, but I'm making a local request and I also have CSRF turned on in my middleware.

errorThrown is returning "Forbidden"

I think the issue might be that I'm trying to send this to a normal view (the current page)... I'm not sure if开发者_运维百科 my preprocessor is returning to the view to re-render the page.. or if it's returning right back to my current page. (don't think I explained that very well)

Hopefully this gives you a good enough picture of whats going on. Any/All help is appreciated.

the .ajax:

jQuery.ajax({
        type: "POST",
        dataType: "json",
        data: dataString,
        success: function(json) {
              jQuery(".signup").attr('disabled', false);
              $('.success').show();
              console.log(json.message);
        },
        error: function(jqXHR, textStatus, errorThrown) {
              jQuery(".signup").attr('disabled', false);
              $('.fail').show().append(errorThrown);
              console.log(textStatus);
        }

    });

You need a CSRF token even if the request is to the same domain. There's code here to add a CSRF token to your AJAX requests (with jQuery):

https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/#ajax

This link points to version 1.7, if you are using a different version of Django you can select your version from the floater menu on the bottom right.

You will get 403 errors if you have csrf on, try adding in views.py to see if this is causing it:

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
view class/method

Well, if you still want CSRF protection, read my solution.

In my case I have a template in which I don't want to have a <form></form> element. But I still want to make AJAX POST requests using jQuery.

I got 403 errors, due to CSRF cookie being null, even if I followed the django docs (https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/). The solution is in the same page, mentioning the ensure_csrf_cookie decorator.

My CSRF cookie did get set when I added this at the top of my views.py:

from django.views.decorators.csrf import ensure_csrf_cookie
@ensure_csrf_cookie

Also, please note that in this case you do not need the DOM element in your markup / template: {% csrf_token %}

Download jQuery.Cookie and include it, from here: http://plugins.jquery.com/cookie/

Then, add beforeSend function and send csrf token like this: 

jQuery.ajax({
    type: "POST",
    dataType: "json",
    data: dataString,
    beforeSend: function(xhr, settings) {
        xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
    },
    success: function(json) {
          jQuery(".signup").attr('disabled', false);
          $('.success').show();
          console.log(json.message);
    },
    error: function(jqXHR, textStatus, errorThrown) {
          jQuery(".signup").attr('disabled', false);
          $('.fail').show().append(errorThrown);
          console.log(textStatus);
    }

});

继续阅读:djangojsonpython

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9