使用 jQuery 的 ajax 或者 post 之前 加入这个 js 代码:
jQuery(document).ajaxSend(
function
(event, xhr, settings) {
function
getCookie(name) {
var
cookieValue =
null
;
if
(document.cookie && document.cookie !=
''
) {
var
cookies = document.cookie.split(
';'
);
for
(
var
i = 0; i < cookies.length; i++) {
var
cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if
(cookie.substring(0, name.length + 1) == (name +
'='
)) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break
;
}
}
}
return
cookieValue;
}
function
sameOrigin(url) {
// url could be relative or scheme relative or absolute
var
host = document.location.host;
// host + port
var
protocol = document.location.protocol;
var
sr_origin =
'//'
+ host;
var
origin = protocol + sr_origin;
// Allow absolute or scheme relative URLs to same origin
return
(url == origin || url.slice(0, origin.length + 1) == origin +
'/'
) ||
(url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin +
'/'
) ||
// or any other URL that isn't scheme relative or absolute i.e relative.
!(/^(\/\/|http:|https:).*/.test(url));
}
function
safeMethod(method) {
return
(/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
if
(!safeMethod(settings.type) && sameOrigin(settings.url)) {
xhr.setRequestHeader(
"X-CSRFToken"
, getCookie('csrftoken'));
}
});
或者 更为优雅简洁的代码(不能写在 .js 中,要直接写在模板文件中):
$.ajaxSetup({
data: {csrfmiddlewaretoken:
'{{ csrf_token }}'
},
});
这样之后,就可以像原来一样的使用 jQuery.ajax() 和 jQuery.post()了
转载:https://code.ziqiangxuetang.com/django/django-csrf.html