07-csrf

ajax的两种crsf验证

# 1. 在试图函数上加上装饰器

# 2. ajax提交数据时,携带csrf: 放在data中携带

# 引用的js: 
  https://cdn.bootcss.com/jquery/1.12.1/jquery.min.js

1. @csrf_exempt装饰器

@csrf_exempt
def login(request):
    if request.method == "POST":
        return JsonResponse({"code": 0, "msg": "登陆成功"})

    return render(request, "login.html")

<form>
    <input type="text" id="username" name="username">
    <a onclick="submitForm();">Ajax提交</a>
</form>
<script src="https://cdn.bootcss.com/jquery/1.12.1/jquery.min.js"></script>
<script>
    function submitForm() {
        $.ajax({
            url: "/hello/login/",
            type: "POST",
            data: {
                "user": $("#username").val(),
            },
            success: function (arg) {
                console.log(arg)
            }

        })
    }
</script>

2. data中携带(绑定函数)

def handle_ajax(request):
    if request.is_ajax():
        return JsonResponse({"code": 0, "msg": "登陆成功"})
    return render(request, "ajax.html")

<form>
    {% csrf_token %}
    <input type="text" id="username" name="username">
    <a onclick="submitForm();">Ajax提交</a>
</form>
<script src="https://cdn.bootcss.com/jquery/1.12.1/jquery.min.js"></script>
<script>
    function submitForm() {
        var csrf = $('input[name="csrfmiddlewaretoken"]').val();
        console.log(csrf)
        var user = $('#username').val();
        $.ajax({
            url: "/hello/ajax/",
            type: "POST",
            data: {"user": user, 'csrfmiddlewaretoken': csrf},
            success: function (arg) {
                console.log(arg)
            }

        })
    }
</script>

3. data中携带(使用id)

def register(request):
    if request.method == "POST":
        username = request.POST.get("username")
        password = request.POST.get("password")
        # ajax请求,一般返回json格式数据
        return JsonResponse({"code":1})
    return render(request, "app03/register.html")

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>注册</title>
</head>
<body>
<form action="" method="post">
    {% csrf_token %}
    用户名:<input type="text" name="username"><br>
    密码:<input type="text" name="password"><br>
    <input type="button" value="注册" id="button">
</form>

# 1. 部分提交
<script src="https://cdn.bootcss.com/jquery/1.12.1/jquery.min.js"></script>
<script>
    $("#button").click(function(){
        username=$("[name=username]").val();
        password=$("[name=password]").val();
        csrf = $("[type=hidden]").val();
        console.log(username,password,csrf);
        {# 第一个参数:地址;第二个:参数;第三个:返回的数据; #}
        $.post("/register/",{"username":username,"password":password,"csrfmiddlewaretoken":csrf},
        function(data){
            console.log(data)
        })

    })
</script>
</body>
</html>

# 2. 直接提交form表单所有内容:使用serialize()
<script src="https://cdn.bootcss.com/jquery/1.12.1/jquery.min.js"></script>
<script>
    $("#button").click(function () {
        $.post("/register/", $("form").serialize(),function (data) {
                console.log(data)
            })
    })
</script>
</body>
</html>

本栏目推荐文章
• 本地套接字 [补档-2023-07-24]
• UDP通信 [补档-2023-07-22]
• 多路io复用Select [补档-2023-07-16]
• 多路io复用pool [补档-2023-07-19]
• 多路io复用epoll [补档-2023-07-20]
• socket编程 [补档-2023-07-10]
• Linux的信号管理 [补档-2023-07-30]
• Linux进程间通信 [补档-2023-07-27]
• Linux的进程管理 [补档-2023-07-25]
• Linux文件IO之二 [补档-2023-07-21]

csrf 07csrf 07 csrf csrf_token 策略csrf 原理csrf 漏洞csrf 处理器csrf espcms-csrf 站点csrf csrf ssrf amp