CSRF失败:未设置CSRF cookie

Question

我正在运营一个django网站。下面是我的代码：

views.py：

@permission_classes((IsAdminUser,))
class ProfileView(viewsets.ModelViewSet):
    queryset=Profile.objects.all()
    serializer_class=ProfileSerializer
    @csrf_exempt
    def list(self,request):
        return Response({'message':'Append Profile ID to the API to view Profile of Particular User'})

def get_serializer_class(self):
    serializer_class = self.serializer_class

    if self.request.method == 'PUT' or self.request.method == 'PATCH':
        serializer_class = ProfilesSerializer

    return serializer_class

@permission_classes((IsAdminUser,))
    class LoginView(viewsets.ModelViewSet):
        queryset = Token.objects.all()
        serializer_class = LoginSerializer
        http_method_names = ['get', 'head']

urls.py：

router=routers.DefaultRouter()
router.register('profiles',views.ProfileView)
router.register('login', views.LoginView)

urlpatterns = [
    path('home/',include(router.urls)),
]

我需要获得JSON格式的响应。如果我在postman中输入url，我会得到这样的错误：“CSRF失败:CSRF cookie未设置。”有人能帮我修复这个错误吗？

Answer 1

您可以将此函数放入您的JS文件中并尝试。

function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
    var cookies = document.cookie.split(';');
    for (var i = 0; i < cookies.length; i++) {
        var cookie = jQuery.trim(cookies[i]);
        // Does this cookie string begin with the name we want?
        if (cookie.substring(0, name.length + 1) == (name + '=')) {
            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
            break;
        }
    }
}
return cookieValue;
}

var csrftoken = getCookie('csrftoken');

function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}

$.ajaxSetup({
beforeSend: function(xhr, settings) {
    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
        xhr.setRequestHeader("X-CSRFToken", csrftoken);
    }
}
});