@csrf U豁免在Django 1.4停止工作

2024-06-25 05:32:24 发布

您现在位置:Python中文网/ 问答频道 /正文
873 3

我有以下代码,在Django 1.2.5中运行良好:

from django.views.decorators.csrf import csrf_exempt

class ApiView(object):
    def __call__(self, request, *args, **kwargs):
        method = request.method.upper()
        return getattr(self, method)(request, *args, **kwargs)

@csrf_exempt
class MyView(ApiView):

    def POST(self):
       # (...)
       return HttpResponse(json.dumps(True), mimetype="text/javascript")

但当我升级到Django 1.4时,我开始收到一条403禁止的消息,其中有一条“CSRF验证失败”消息。

为什么那个@csrf_豁免的装饰器不工作?

URL定义为:

from django.conf.urls.defaults import *
from django.views.decorators.csrf import csrf_exempt

import views

urlpatterns = patterns('',
   url(r'^myview/(?P<parameter_name>[A-Za-z0-9-_]+)/$',
       views.MyView(),
       name="myproject-myapp-myview",
       ),
)

Tags: djangofromimportselfdecoratorsrequestdefargs
3条回答
网友
1楼 · 编辑于 2024-06-25 05:32:24

csrf_豁免必须装饰一个功能。在url中,您可以修饰那个函数docs can be found here

(r'^vote/', permission_required('polls.can_vote')(VoteView.as_view())),
网友
2楼 · 编辑于 2024-06-25 05:32:24

只需在urls.py中使用csrf_exempt。即:

网址.py

..other imports...
from django.views.decorators.csrf import csrf_exempt   
from myapp.views import MyView

urlpatterns = patterns('',
   url(r'^myview/(?P<parameter_name>[A-Za-z0-9-_]+)/$',
       csrf_exempt(MyView.as_view()), # use csrf_exempt here
       name="myproject-myapp-myview",
       ),
)
网友
3楼 · 编辑于 2024-06-25 05:32:24

根据django docs

To decorate every instance of a class-based view, you need to decorate the class definition itself. To do this you apply the decorator to the dispatch() method of the class.

所以你需要做些什么:

class MyView(ApiView):

    def POST(self):
       # (...)
       return HttpResponse(json.dumps(True), mimetype="text/javascript")

    @csrf_exempt
    def dispatch(self, *args, **kwargs):
        return super(MyView, self).dispatch(*args, **kwargs)

相关问题 更多 >

    编程相关推荐