我正在发出
POSTtokentraefikhttps但是当我部署
VuejsPOSTChromedetail: "CSRF Failed: CSRF token missing."
我在 stackoverflow 上搜索过。我想遵循安全概念,然后禁用 CSRF 不是一个选项。
import {ref} from "vue";
import {BACKEND_URL} from "../constants";
const getLoginToken = () => {
const token = ref('')
const tokenError = ref(null)
const fetchToken = async(username, password) => {
try{
const requestOptions = {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
"username": username,
"password": password
}),
redirect: 'follow',
}
const url = BACKEND_URL + '/api/auth-token/'
console.log(url)
let data = await fetch(url, requestOptions)
if(!data.ok){
throw Error(data.statusText)
}
token.value = await data.json()
}
catch(err){
tokenError.value = err.message
console.log(tokenError.value)
}
}
return { token, tokenError, fetchToken }
}
export default getLoginToken
settings.pyREST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
'PAGE_SIZE': 10,
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework.authentication.SessionAuthentication",
"rest_framework.authentication.TokenAuthentication",
),
'DEFAULT_FILTER_BACKENDS': (
'django_filters.rest_framework.DjangoFilterBackend',
),
"DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.IsAuthenticated",),
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
}
`url.py
from django.views.decorators.csrf import csrf_exempt
...
path("api/auth-token/", csrf_exempt(obtain_auth_token)),
...
但是不起作用。
问题:
我无法从生产服务器获取
token问题:
我已经禁用了
CSRF因为我很着急。我决定制作自己的函数并继续。
@api_view(['POST'])
@authentication_classes([])
@permission_classes([])
def my_obtain_auth_token(request, *args, **kwargs) -> Response:
"""My customize obtain_auth_token."""
serializer = AuthTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
token, created = Token.objects.get_or_create(user=user)
return Response({'token': token.key})