加在FBV视图上添加csrf装饰器:
- from django.views.decorators.csrf import csrf_protect
- @csrf_exempt # 该函数无需认证
- @csrf_protect # 该函数需认证
from django.views.decorators.csrf import csrf_exempt @csrf_exempt def index(request): return render(request,'index.html') @csrf_exempt #该函数无需认证 def ajax_add(request): s1=int(request.GET.get('s1')) s2=int(request.GET.get('s2')) print(s1,s2) s=s1+s2 return HttpResponse(s)
from django.utils.decorators import method_decorator
1. 加在CBV视图的get或post方法上
1 from django.utils.decorators import method_decorator
2
3
4 class HomeView(View):
5
6 def dispatch(self, request, *args, **kwargs):
7 return super(HomeView, self).dispatch(request, *args, **kwargs)
8
9 def get(self, request):
10 return render(request, "home.html")
11
12 @method_decorator(check_login)
13 def post(self, request):
14 print("Home View POST method...")
15 return redirect("/index/")
2. 加在dispatch方法上
1 from django.utils.decorators import method_decorator
2
3
4 class HomeView(View):
5
6 @method_decorator(check_login)
7 def dispatch(self, request, *args, **kwargs):
8 return super(HomeView, self).dispatch(request, *args, **kwargs)
9
10 def get(self, request):
11 return render(request, "home.html")
12
13 def post(self, request):
14 print("Home View POST method...")
15 return redirect("/index/")
因为CBV中首先执行的就是dispatch方法,所以这么写相当于给get和post方法都加上了登录校验。
3. 直接加在视图类上,但method_decorator必须传 name 关键字参数
如果get方法和post方法都需要登录校验的话就写两个装饰器。
1 from django.utils.decorators import method_decorator
2
3 @method_decorator(check_login, name="get")
4 @method_decorator(check_login, name="post")
5 class HomeView(View):
6
7 def dispatch(self, request, *args, **kwargs):
8 return super(HomeView, self).dispatch(request, *args, **kwargs)
9
10 def get(self, request):
11 return render(request, "home.html")
12
13 def post(self, request):
14 print("Home View POST method...")
15 return redirect("/index/")
CSRF Token相关装饰器在CBV只能加到dispatch方法上,或者加在视图类上然后name参数指定为dispatch方法。
备注:
- csrf_protect,为当前函数强制设置防跨站请求伪造功能,即便settings中没有设置全局中间件。
- csrf_exempt,取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。
1 from django.views.decorators.csrf import csrf_exempt, csrf_protect 2 from django.utils.decorators import method_decorator 3 4 5 class HomeView(View): 6 7 @method_decorator(csrf_exempt) 8 def dispatch(self, request, *args, **kwargs): 9 return super(HomeView, self).dispatch(request, *args, **kwargs) 10 11 def get(self, request): 12 return render(request, "home.html") 13 14 def post(self, request): 15 print("Home View POST method...") 16 return redirect("/index/")
或者:
1 from django.views.decorators.csrf import csrf_exempt, csrf_protect 2 from django.utils.decorators import method_decorator 3 4 5 @method_decorator(csrf_exempt, name='dispatch') 6 class HomeView(View): 7 8 def dispatch(self, request, *args, **kwargs): 9 return super(HomeView, self).dispatch(request, *args, **kwargs) 10 11 def get(self, request): 12 return render(request, "home.html") 13 14 def post(self, request): 15 print("Home View POST method...") 16 return redirect("/index/")