最后我得到了签名的票证，例如，我发回一个令牌，它可以在规定的时间范围内绕过auth。因此，ajax应用程序可以首先请求令牌，然后再使用附加的令牌来触发一个标准的get请求。在

以下是我融合到视图中的基本思想：

class DownloadableMixin():
    """
    Manages a ticket response, where a ticket is a signed response that gives a user limited access to a resource
    for a time frame of 5 secs.

    Therefore, file downloads can request a ticket for a resource and gets a ticket in the response that he can
    use for non-ajax file-downloads.
    """

    MAX_AGE = 5

    def check_ticket(self, request):
        signer = TimestampSigner()
        try:
            unsigned_ticket = signer.unsign(request.QUERY_PARAMS['ticket'], max_age=self.__class__.MAX_AGE)
        except SignatureExpired:
            return False
        except BadSignature:
            return False

        if self.get_requested_file_name() == unsigned_ticket:
            return True
        return False

    def get_ticket(self):
        signer = TimestampSigner()
        return signer.sign(self.get_requested_file_name())

    def has_ticket(self, request):
        return 'ticket' in request.QUERY_PARAMS

    def requires_ticket(self, request):
        return 'download' in request.QUERY_PARAMS

    def get_requested_file_name(self):
        raise NotImplementedError('Extending classes must define the requested file name.')