Você pode criar um arquivo js chamado *ajax_post_config.js* e nele inserir
o seguinte código:
function csrfSafeMethod(method) {
// these HTTP methods do not require CSRF protection
return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue =
decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
let csrftoken = getCookie('csrftoken');
E no template html, você deve inserir beforeSend assim:
<script src="{% static 'path.../ajax_post_config.js' %}"></script>
<script>
$.ajax({
url: url,
type: 'POST',
data: {'data1': data1},
dataType: 'json',
beforeSend: function(xhr, settings) {
if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
xhr.setRequestHeader("X-CSRFToken", csrftoken);
}
},
...
</script>
É isso, espero ter ajudado
Atenciosamente,
*Allan Rafael Ferreira de Oliveira*
*Bacharel em Ciência da Computação • Universidade Estadual da
ParaíbaEstagiário de TI • PrestContas*
Em ter., 26 de mai. de 2020 às 15:20, Kevin <[email protected]> escreveu:
> Hi,
>
> I'm not able to POST to django without having a csrf_token cookie sent
> with the request, though the documentation says you can set an X-CSRFToken
> header - it appears to be entirely ignored.
>
> The behaviour has been pointed out a couple of times before:
>
> https://code.djangoproject.com/ticket/26904
>
> https://code.djangoproject.com/ticket/30514
>
> but it doesn't appear to have ever been triaged by a project member or
> looked into in any way.
>
> I'm trying to find a definitive answer - should a POST request to a CSRF
> protected endpoint work without the cookie if the header is set?
>
> Thanks
>
> -Kevin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/1e318fcd-32bc-448b-bd4d-05b92f4a8afc%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/1e318fcd-32bc-448b-bd4d-05b92f4a8afc%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAFTj3EQn2c_QwO3GCdP7Kycuqtd%3DNS43P_DU8VcyuDTKc69_DQ%40mail.gmail.com.
