You can create a JS file called *ajax_post_config.js* and put the
following code in it:


function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = cookies[i].trim();
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
let csrftoken = getCookie('csrftoken');


And in the HTML template, you must add beforeSend like this:

<script src="{% static 'path.../ajax_post_config.js' %}"></script>
<script>
    $.ajax({
        url: url,
        type: 'POST',
        data: {'data1': data1},
        dataType: 'json',
        // Attach the token from the csrftoken cookie on unsafe, same-origin requests
        beforeSend: function(xhr, settings) {
            if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                xhr.setRequestHeader("X-CSRFToken", csrftoken);
            }
        },
        // ...
    });
</script>


That's it, I hope this helps.



Best regards,

*Allan Rafael Ferreira de Oliveira*

*Bachelor of Computer Science • Universidade Estadual da Paraíba*
*IT Intern • PrestContas*


On Tue, May 26, 2020 at 15:20, Kevin <kevin.d...@gmail.com> wrote:

> Hi,
>
> I'm not able to POST to django without having a csrf_token cookie sent
> with the request, though the documentation says you can set an X-CSRFToken
> header - it appears to be entirely ignored.
>
> The behaviour has been pointed out a couple of times before:
>
> https://code.djangoproject.com/ticket/26904
>
> https://code.djangoproject.com/ticket/30514
>
> but it doesn't appear to have ever been triaged by a project member or
> looked into in any way.
>
> I'm trying to find a definitive answer - should a POST request to a CSRF
> protected endpoint work without the cookie if the header is set?
>
> Thanks
>
> -Kevin
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/1e318fcd-32bc-448b-bd4d-05b92f4a8afc%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/1e318fcd-32bc-448b-bd4d-05b92f4a8afc%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
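
Added example, not part of the original messages and not Django's own code: a simplified model of the double-submit cookie check that the X-CSRFToken header takes part in, showing that the header is validated against the csrftoken cookie rather than on its own. The function names, reason strings and sample requests are constructed for illustration; real implementations such as Django's also mask tokens and apply further checks.

```javascript
// Simplified double-submit cookie check (illustrative model only).
const SAFE_METHODS = /^(GET|HEAD|OPTIONS|TRACE)$/;

// Parse a Cookie header string into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    jar[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return jar;
}

// Compare without returning early on the first differing character.
function sameToken(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req is { method, headers } with lower-case header names.
function checkCsrf(req) {
  if (SAFE_METHODS.test(req.method)) return { ok: true, reason: 'safe method' };
  const cookieToken = parseCookies(req.headers['cookie'])['csrftoken'];
  if (!cookieToken) return { ok: false, reason: 'no csrftoken cookie' };
  const headerToken = req.headers['x-csrftoken'];
  if (!headerToken) return { ok: false, reason: 'no X-CSRFToken header' };
  if (!sameToken(cookieToken, headerToken)) {
    return { ok: false, reason: 'header does not match cookie' };
  }
  return { ok: true, reason: 'tokens match' };
}

// Constructed sample requests; the token value is made up.
const TOKEN = 'constructed-token-123';
const samples = {
  headerOnly: { method: 'POST', headers: { 'x-csrftoken': TOKEN } },
  cookieOnly: { method: 'POST', headers: { cookie: 'csrftoken=' + TOKEN } },
  both: { method: 'POST', headers: { cookie: 'sessionid=abc; csrftoken=' + TOKEN, 'x-csrftoken': TOKEN } },
  mismatch: { method: 'POST', headers: { cookie: 'csrftoken=' + TOKEN, 'x-csrftoken': 'other' } },
  get: { method: 'GET', headers: {} },
};
for (const [name, req] of Object.entries(samples)) {
  console.log(name, JSON.stringify(checkCsrf(req)));
}
```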
