Django #CSRF

开启CSRF保护

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <form action="login.html" method="POST">
        {% csrf_token %}
{#        //我来访问的时候拿到字符串，提交的时候我带着字符串提交，如果没有csrf会出现别的网站会向我们的网站提交post请求。#}
        <input type="text" name='username' placeholder="用户名">
        <input type="text" name='pwd' placeholder="密码">
        <input type="submit" value="登录">
        <input id="btn" type="button" value="提交">
    </form>
    <script src="/static/jquery-1.12.4.js"></script>
    <script src="/static/jquery.cookie.js"></script>
    <script>
        $(function () {
           $.ajaxSetup({
               beforeSend:function (xhr,settings) {
                   xhr.setRequestHeader('X-CSRFtoken',$.cookie('csrftoken'));
               }
           }) 
        });
        
        
        $(function () {
            $('#btn').click(function () {
                $.ajax({
                    url:'/login/',
                    type:'POST',
                    date:{'user':'root','pwd':'123'},
{#                    headers:{'X-CSRFtoken':$.cookie('csrftoken')},#}
                    success:function (arg) {

                    }
                })
            })
        })
    </script>
</body>
</html>