  • Using CSRF

    1. CSRF
    a. Basic usage
    Add the token tag inside the form:
    {% csrf_token %}

    b. Disable site-wide
    Comment out the CSRF middleware in settings:
    # 'django.middleware.csrf.CsrfViewMiddleware',

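    c. Disable for a single view
    Keep the middleware enabled:
    'django.middleware.csrf.CsrfViewMiddleware',

    from django.http import HttpResponse
    from django.shortcuts import render
    from django.views.decorators.csrf import csrf_exempt

    @csrf_exempt
    def csrf1(request):
        # This view is exempt from the CSRF check
        if request.method == 'GET':
            return render(request, 'csrf1.html')
        else:
            return HttpResponse('ok')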
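
    d. Enable for a single view
    With the middleware commented out:
    # 'django.middleware.csrf.CsrfViewMiddleware',

    from django.http import HttpResponse
    from django.shortcuts import render
    from django.views.decorators.csrf import csrf_exempt, csrf_protect

    @csrf_protect
    def csrf1(request):
        # Only this view enforces the CSRF check
        if request.method == 'GET':
            return render(request, 'csrf1.html')
        else:
            return HttpResponse('ok')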

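    e. Special case: class-based views (CBV)
    from django.views import View
    from django.utils.decorators import method_decorator
    from django.views.decorators.csrf import csrf_protect

    # Decorating dispatch applies the CSRF check to every HTTP method
    @method_decorator(csrf_protect, name='dispatch')
    class Foo(View):

        def get(self, request):
            pass

        def post(self, request):
            pass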

    PS: adding decorators to a CBV
    def wrapper(func):
        def inner(*args, **kwargs):
            return func(*args, **kwargs)
        return inner

    # 1. Add the decorator to a specific method
    # class Foo(View):
    #
    #     @method_decorator(wrapper)
    #     def get(self, request):
    #         pass
    #
    #     def post(self, request):
    #         pass

    # 2. Add the decorator on the class
    # @method_decorator(wrapper, name='dispatch')
    # class Foo(View):
    #
    #     def get(self, request):
    #         pass
    #
    #     def post(self, request):
    #         pass


    Carrying the CSRF token when submitting data via Ajax:
    a. Send it in the request data

    <form method="POST" action="/csrf1.html">
        {% csrf_token %}
        <input id="user" type="text" name="user" />
        <input type="submit" value="提交"/>
        <a onclick="submitForm();">Ajax提交</a>
    </form>
    <script src="/static/jquery-1.12.4.js"></script>
    <script>
        function submitForm(){
            // Read the token from the hidden input rendered by {% csrf_token %}
            var csrf = $('input[name="csrfmiddlewaretoken"]').val();
            var user = $('#user').val();
            $.ajax({
                url: '/csrf1.html',
                type: 'POST',
                data: { "user": user, 'csrfmiddlewaretoken': csrf },
                success: function(arg){
                    console.log(arg);
                }
            })
        }
    </script>

    b. Send it in a request header

    <form method="POST" action="/csrf1.html">
        {% csrf_token %}
        <input id="user" type="text" name="user" />
        <input type="submit" value="提交"/>
        <a onclick="submitForm();">Ajax提交</a>
    </form>
    <script src="/static/jquery-1.12.4.js"></script>
    <script src="/static/jquery.cookie.js"></script>

    <script>
        function submitForm(){
            // Read the token from the csrftoken cookie
            var token = $.cookie('csrftoken');
            var user = $('#user').val();
            $.ajax({
                url: '/csrf1.html',
                type: 'POST',
                headers: {'X-CSRFToken': token},
                data: { "user": user },
                success: function(arg){
                    console.log(arg);
                }
            })
        }
    </script>
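
As an added example (not code from the original post), here is a plain-JavaScript version of the header approach: it reads the csrftoken cookie without the jquery.cookie plugin and attaches X-CSRFToken only to state-changing, same-origin requests, so the token is never sent to another site. The function names getCookie, isSameOrigin and csrfHeaders and the sample origin are assumptions for illustration.

```javascript
// Added example: decide whether an Ajax request should carry Django's
// X-CSRFToken header. Function names are hypothetical.

// Methods that Django's CSRF middleware does not check.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Return the value of a cookie from a document.cookie-style string, or null.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const pair = part.trim();
    const eq = pair.indexOf('=');
    if (eq === -1) continue;
    if (pair.slice(0, eq) === name) {
      try {
        return decodeURIComponent(pair.slice(eq + 1));
      } catch (e) {
        return pair.slice(eq + 1); // malformed escape: use the raw value
      }
    }
  }
  return null;
}

// True when url resolves to the same scheme, host and port as pageOrigin.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable target: treat as foreign
  }
}

// Build the extra headers for a request. The token is attached only to
// state-changing, same-origin requests.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  const m = String(method).toUpperCase();
  if (SAFE_METHODS.has(m) || !isSameOrigin(url, pageOrigin)) return {};
  const token = getCookie(cookieString, 'csrftoken');
  return token ? { 'X-CSRFToken': token } : {};
}

// Browser usage:
// csrfHeaders('POST', '/csrf1.html', location.origin, document.cookie)
```

If Django's CSRF_COOKIE_HTTPONLY or CSRF_USE_SESSIONS setting is enabled, the cookie is not readable from JavaScript; take the token from the hidden csrfmiddlewaretoken input as in method a.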

  • Original article: https://www.cnblogs.com/jmc218/p/14053100.html