方法一

如果用jquery来处理ajax的话，Django直接给一段解决问题的代码。把它放在一个独立的js文件中，在html页面中都引入即可。注意这个js文件必须在jquery的js文件引入之后，再引入即可。官方文档链接：https://docs.djangoproject.com/en/1.10/ref/csrf/

//防止403 forbiddenfunction getCookie(name) {    var cookieValue = null;    if (document.cookie && document.cookie != '') {        var cookies = document.cookie.split(';');        for (var i = 0; i < cookies.length; i++) {            var cookie = jQuery.trim(cookies[i]);            // Does this cookie string begin with the name we want?            if (cookie.substring(0, name.length + 1) == (name + '=')) {                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));                break;            }        }    }    return cookieValue;}function csrfSafeMethod(method) {    // these HTTP methods do not require CSRF protection    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));}$.ajaxSetup({    beforeSend: function(xhr, settings) {    var csrftoken = getCookie('csrftoken');    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {            xhr.setRequestHeader("X-CSRFToken", csrftoken);        }    }});

方法二

在处理post数据的view前加上@csrf_exmpt 装饰符

from django.views.decorators.csrf import csrf_exempt ##包装csrf请求，避免django认为其实跨站攻击脚本

@csrf_exemptdef edit_view(request):    if request.method == 'GET':        zhibo_id = request.GET.get('id','')        edite_zhibo = CreativeZhibo.objects.get(pk=zhibo_id)        return render(request,'creative/materialCenterBroadcastsEdit.html',{'edite_zhibo':edite_zhibo})

转载于:https://my.oschina.net/zhangyangyang/blog/734105

你可能感兴趣的文章