<p>The CSRF token is essentially a retrievable cookie.<br/>
By default, the cookie of every Django application is named <code>csrftoken</code>.<br/></p>
<p>You need to change the cookie name of at least one of them using the <code>CSRF_COOKIE_NAME</code> setting (in <code>settings.py</code>).</p>
<p>Then your colleague can retrieve the cookie with the following AJAX call:</p>
<pre><code>// using jQuery
// Look up a cookie by name in document.cookie and return its decoded value,
// or null if no cookie with that name is present.
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie &amp;&amp; document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i &lt; cookies.length; i++) {
            var cookie = jQuery.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
// Use the name you set in CSRF_COOKIE_NAME, not the default 'csrftoken'
var csrftoken = getCookie('name_of_your_token');
</code></pre>
<p>For more complex usage, see the documentation: <a href="https://docs.djangoproject.com/en/2.0/ref/csrf/" rel="nofollow noreferrer">https://docs.djangoproject.com/en/2.0/ref/csrf/</a></p>
<p/><hr/>
Similar case: <a href="https://stackoverflow.com/questions/28902243/multiple-django-sites-on-the-same-domain-csrf-fails">Multiple Django sites on the same domain - CSRF fails</a>
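<p>As an added example (not part of the answer above or of Django itself), the following jQuery-free version reads the renamed cookie for one of several Django apps sharing a domain and attaches it as the <code>X-CSRFToken</code> header that Django checks by default. The cookie name <code>app1_csrftoken</code> and the sample cookie string are assumptions chosen for the example.</p>

```javascript
// Added example: read a renamed Django CSRF cookie and attach it to a fetch() call.
// Assumes settings.py sets CSRF_COOKIE_NAME = "app1_csrftoken" for this app
// (hypothetical name) and leaves CSRF_HEADER_NAME at its default, so Django
// reads the token from the X-CSRFToken request header.

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
// Cookies from several Django apps on one domain all share this string, so each
// app needs its own CSRF_COOKIE_NAME to be distinguishable here.
function parseCookies(cookieString) {
  const jar = {};
  if (!cookieString) return jar;
  for (const part of cookieString.split(';')) {
    const trimmed = part.trim();
    if (trimmed === '') continue;
    const eq = trimmed.indexOf('=');
    if (eq === -1) continue; // fragment without "=", skip it
    const name = trimmed.slice(0, eq);
    const value = decodeURIComponent(trimmed.slice(eq + 1));
    // First occurrence wins, matching the order the browser exposes cookies in.
    if (!(name in jar)) jar[name] = value;
  }
  return jar;
}

// Return this app's CSRF token, or null if its cookie is absent.
function getCsrfToken(cookieString, cookieName) {
  const value = parseCookies(cookieString)[cookieName];
  return value === undefined ? null : value;
}

// Build fetch() options. Django only validates the token on unsafe methods,
// so GET/HEAD/OPTIONS/TRACE requests get no header; a missing cookie on an
// unsafe request is reported up front instead of producing a 403 later.
function csrfFetchOptions(method, cookieString, cookieName) {
  const opts = { method, credentials: 'same-origin', headers: {} };
  if (!['GET', 'HEAD', 'OPTIONS', 'TRACE'].includes(method.toUpperCase())) {
    const token = getCsrfToken(cookieString, cookieName);
    if (token === null) throw new Error(`CSRF cookie "${cookieName}" not found`);
    opts.headers['X-CSRFToken'] = token;
  }
  return opts;
}

// Constructed sample: two Django apps' CSRF cookies plus a session cookie, as a
// browser would expose them through document.cookie.
const SAMPLE_COOKIES = 'app1_csrftoken=abc123; sessionid=s1; app2_csrftoken=xyz789';

// In a browser:
// fetch('/app1/api/items/', { ...csrfFetchOptions('POST', document.cookie, 'app1_csrftoken'), body: form });
```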