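How CSRF verification is implemented in Django
The process_view method is called
Check whether the view is decorated with @csrf_exempt (exempt from CSRF verification)
- Get the token from the request body or the cookie
Case 1 (CSRF verification is enabled site-wide, but you want to disable it for specific views)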
    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',  # CSRF verification enabled site-wide
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]
To let a particular request skip CSRF verification, decorate its view like this:
    import json

    from django.http import HttpResponse
    from django.views.decorators.csrf import csrf_exempt


    @csrf_exempt  # this view is not CSRF-verified
    def users(request):
        user_list = ['alex', 'oldboy']
        return HttpResponse(json.dumps(user_list))
Case 2 (CSRF verification is disabled site-wide, but you want to enable it for specific views)
    MIDDLEWARE = [
        'django.middleware.security.SecurityMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.common.CommonMiddleware',
        # 'django.middleware.csrf.CsrfViewMiddleware',  # CSRF verification disabled site-wide
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        'django.middleware.clickjacking.XFrameOptionsMiddleware',
    ]
To make a particular request go through CSRF verification, decorate its view like this:
    import json

    from django.http import HttpResponse
    from django.views.decorators.csrf import csrf_protect


    @csrf_protect  # this view is CSRF-verified
    def users(request):
        user_list = ['alex', 'oldboy']
        return HttpResponse(json.dumps(user_list))
CBV tip: for CSRF on a class-based view you need to use
- @method_decorator(csrf_exempt)
- on the dispatch method (applying it to an individual handler method has no effect)
Approach 1
    from django.http import HttpResponse
    from django.utils.decorators import method_decorator
    from django.views import View
    from django.views.decorators.csrf import csrf_exempt


    class StudentsView(View):

        # The exemption must be applied to dispatch, not to a single handler
        @method_decorator(csrf_exempt)
        def dispatch(self, request, *args, **kwargs):
            return super(StudentsView, self).dispatch(request, *args, **kwargs)

        def get(self, request, *args, **kwargs):
            print('get方法')
            return HttpResponse('GET')

        def post(self, request, *args, **kwargs):
            return HttpResponse('POST')

        def put(self, request, *args, **kwargs):
            return HttpResponse('PUT')

        def delete(self, request, *args, **kwargs):
            return HttpResponse('DELETE')
Approach 2
    from django.http import HttpResponse
    from django.utils.decorators import method_decorator
    from django.views import View
    from django.views.decorators.csrf import csrf_exempt


    # name='dispatch' applies the decorator to the class's dispatch method
    @method_decorator(csrf_exempt, name='dispatch')
    class StudentsView(View):

        def get(self, request, *args, **kwargs):
            print('get方法')
            return HttpResponse('GET')

        def post(self, request, *args, **kwargs):
            return HttpResponse('POST')

        def put(self, request, *args, **kwargs):
            return HttpResponse('PUT')

        def delete(self, request, *args, **kwargs):
            return HttpResponse('DELETE')
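To review where a project has switched CSRF checks off, the following added example (not code from the original article) uses Python's ast module to list views exempted with csrf_exempt and to flag the decorator on a CBV method other than dispatch, where the article notes it has no effect. The sample views and the names exempt_target and audit are constructed for illustration.

```python
import ast

SAMPLE = '''
@csrf_exempt
def users(request): ...
@csrf_protect
def orders(request): ...
@method_decorator(csrf_exempt, name='dispatch')
class StudentsView(View):
    def post(self, request): ...
class TeachersView(View):
    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs): ...
class ClassesView(View):
    @method_decorator(csrf_exempt)
    def post(self, request): ...
'''  # constructed sample views covering each pattern above (assumption, not project code)

def exempt_target(dec, default):
    """Return the name this decorator applies csrf_exempt to, or None."""
    if isinstance(dec, ast.Name) and dec.id == "csrf_exempt":
        return default
    if (isinstance(dec, ast.Call) and getattr(dec.func, "id", "") == "method_decorator"
            and dec.args and getattr(dec.args[0], "id", "") == "csrf_exempt"):
        for kw in dec.keywords:  # method_decorator(..., name='dispatch') on a class
            if kw.arg == "name" and isinstance(kw.value, ast.Constant):
                return kw.value.value
        return default
    return None

def audit(source):
    """Return ('exempt' | 'ineffective', name) findings for top-level views."""
    findings = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.FunctionDef):
            if any(exempt_target(d, node.name) for d in node.decorator_list):
                findings.append(("exempt", node.name))
        elif isinstance(node, ast.ClassDef):
            targets = [exempt_target(d, None) for d in node.decorator_list]
            for item in node.body:
                if isinstance(item, ast.FunctionDef):
                    targets += [exempt_target(d, item.name) for d in item.decorator_list]
            for t in filter(None, targets):
                on_dispatch = t == "dispatch"
                findings.append(("exempt" if on_dispatch else "ineffective",
                                 node.name if on_dispatch else f"{node.name}.{t}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each "exempt" finding is a view that accepts state-changing requests without a token and should have a documented reason; each "ineffective" finding is a decorator that does not do what its author intended.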
Summary:
Further reading: