A:Ajax 提交数据是, 携带的 CSRF 在 data 中:
- <form method="POST" action="/csrf.html">
- {% csrf_token %}
- <input id="user" type="text" name="user" />
- <input type="submit" value="提交"/>
- <a onclick="submitForm();">Ajax 提交 </a>
- </form>
- <script src="/static/jquery-1.12.4.js"></script>
- <script>
- function submitForm(){
- var csrf = $(input[name="csrfmiddlewaretoken"]).val();
- var user = $(#user).val();
- $.ajax({
- url: /csrf.html,
- type: POST,
- data: {"user":user, csrfmiddlewaretoken:csrf},
- success:function(arg){
- console.log(arg);
- }
- })
- }
- </script>
B:Ajax 提交数据是, 携带的 CSRF 在请求头中:
- <form method="POST" action="/csrf.html">
- {% csrf_token %}
- <input id="user" type="text" name="user" />
- <input type="submit" value="提交"/>
- <a onclick="submitForm();">Ajax 提交 </a>
- </form>
- <script src="/static/jquery-1.12.4.js"></script>
- <script src="/static/jquery.cookie.js"></script>
- <script>
- function submitForm(){
- var token = $.cookie(csrftoken);
- var user = $(#user).val()
- $.ajax({
- url: /csrf.html,
- type: POST,
- headers:{X-CSRFToken: token},
- data: { "user":user},
- success:function(arg){
- console.log(arg);
- }
- })
- }
- </script>
来源: http://www.bubuko.com/infodetail-2499098.html