csrf token missing or incorrect

# django rest framework csrf failed csrf token missing or incorrect

 
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES':
        ('rest_framework.authentication.TokenAuthentication',)
}

 

# or

MIDDLEWARE_CLASSES = (
'store.disable.DisableCSRF',
)

# disable.py

class DisableCSRF(object):

    def process_request(self, request):
        setattr(request, '_dont_enforce_csrf_checks', True)

轉載自http://www.cnblogs.com/sywlne...

可行的方案：在後臺view中取消csrf驗證

What to do then?
Now to disable csrf check, you can create a custom authentication class CsrfExemptSessionAuthentication which extends from the default SessionAuthentication class. In this authentication class, we will override the enforce_csrf() check which was happening inside the actual SessionAuthentication.
from rest_framework.authentication import SessionAuthentication, BasicAuthentication

class CsrfExemptSessionAuthentication(SessionAuthentication):

    def enforce_csrf(self, request):
        return  # To not perform the csrf check previously happening

In your view, then you can define the authentication_classes to be:

authentication_classes = (CsrfExemptSessionAuthentication, BasicAuthentication)

轉載自https://stackoverflow.com/que...

function getCookie (name) {
    // var value = '; ' + document.cookie
    // var parts = value.split('; ' + name + '=')
    // if (parts.length === 2) return parts.pop().split(';').shift()
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for(var i=0;i < ca.length;i++) {
        var c = ca[i];
        while (c.charAt(0)==' ') c = c.substring(1,c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
    }
    return null;
}

var csrftoken = getCookie('csrftoken');