POSTMAN 上的 CSRF 令牌丢失或不正确

Question

这是我的观点.py

from django.shortcuts import render
from django.views.generic import ListView
from .models import Post


class HomePageView(ListView):
    model = Post
    template_name = 'home.html'

from django.views.generic import ListView, CreateView 
from django.urls import reverse_lazy 
from .forms import PostForm 
from .models import Post

class HomePageView(ListView):
    model = Post
    template_name = 'home.html'


class CreatePostView(CreateView): # new
    model = Post
    form_class = PostForm
    template_name = 'post.html'
    success_url = reverse_lazy('home')

如何将请求传递给模板渲染方法。使用 POST 方法时，我在 Postman 上收到 csrf 令牌错误

Answer 1

您可以在 Postman 中使用 Pre-request Script 选项卡。 此代码从请求标头中获取 csrf 令牌并使用其值创建新的响应标头。

if (pm.request.method !== 'GET' && !(pm.request.headers.has('x-csrf-token'))) {

  var csrfRequest = pm.request.clone();
  csrfRequest.method = 'GET';
  if (pm.request.method === 'POST') {
    csrfRequest.url = pm.request.url + '?$top=1';
  }

  csrfRequest.upsertHeader({
    key: 'x-csrf-token',
    value: 'fetch'
  });

  pm.sendRequest(csrfRequest, function(err, res) {
    if (err) {
      console.log(err);
    } else {
      var csrfToken = res.headers.get('x-csrf-token');
      if (csrfToken) {
        pm.request.headers.upsert({
          key: 'x-csrf-token',
          value: csrfToken
        });
      } else {
        console.log('No csrf token fetched');
      }
    }
  });
}