How to use ajax post method in Django framework

Time:2021-1-24

Django is an open source web application framework written in Python. The software design pattern of MVC is adopted, that is, model M, view v and controller C. It was originally developed to manage some news content-based websites of Lawrence publishing group, namely CMS (content management system) software. It was released under BSD license in July 2005. The framework is named after Django Reinhardt, a Belgian gypsy jazz guitarist.

Today, I found a problem when I tried to call Ajax of jQuery, that is, the server can return normally by using get method, but not by using post method. Later, the post method in the form mode will not work. As long as the post must report HTTP 403 error! Very strange…

After searching a lot of information on the Internet, it turned out that it was because of the Cross Site Request Forgery protection mechanism of Django. This mechanism is to protect against CSRF attack. What is crsf attack? Taolin blog has a simple explanation. The solution is available on Django’s websitehttp://docs.djangoproject.com/en/dev/ref/contrib/csrf/After modifying according to the instructions, AJAX can post smoothly.

The specific method is to solve the form post first. stay settings.py Midview found in file_ Classes, add a middleware to it: ‘ django.middleware.csrf . csrfviewmiddleware ‘, the modified code is as follows:

Python code

MIDDLEWARE_CLASSES = ( 
 'django.middleware.common.CommonMiddleware', 
 'django.contrib.sessions.middleware.SessionMiddleware', 
 'django.middleware.csrf.CsrfViewMiddleware', 
 'django.contrib.auth.middleware.AuthenticationMiddleware', 
 'django.contrib.messages.middleware.MessageMiddleware', 
 ' django.middleware.csrf . csrfresponsemiddleware '; join this middleware 
)

After this modification, we can solve the problem of HTTP 403 submitted by form post. Ajax post submission can’t be changed just like this. You also need to hook in a cookie handling procedure every time you submit. That is to say, this process is triggered every time a submission is made. The CSRF token is added to the submitted HTTP header. But fortunately, if you use jQuery to deal with Ajax, Django directly sent a piece of code to solve the problem. Put it in a separate JS file and import it in the HTML page. Note that this JS file must be imported after the JS file of jQuery is imported. I copied the code directly, as follows:

JS code


$('html').ajaxSend(function(event, xhr, settings) { 
 function getCookie(name) { 
  var cookieValue = null; 
  if (document.cookie && document.cookie != '') { 
   var cookies = document.cookie.split(';'); 
   for (var i = 0; i < cookies.length; i++) { 
    var cookie = jQuery.trim(cookies[i]); 
    // Does this cookie string begin with the name we want? 
    if (cookie.substring(0, name.length + 1) == (name + '=')) { 
     cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); 
     break; 
    } 
   } 
  } 
  return cookieValue; 
 } 
 if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { 
  // Only send the token to relative URLs i.e. locally. 
  xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); 
 } 
}); 

After this toss, we can communicate with Django with Ajax normally.

The use of Ajax in Django

The front-end Ajax code is as follows:


$.ajax({
 type:'GET',
 url:'/store/ds_mgmt_wx/ajax_handle',
 dataType:'html',
 success:function(data)
  {
   alert(data);
  },
 error:function(data)
 {
  alert(data); 
 }
});

The return method of the corresponding code of the back end is as follows:


if act_job == 'ajax_handle':
  return HttpResponse('ajax_handle')

About Django framework how to use ajax post method is introduced, after reading what I feel, welcome to share their views, I wish you a happy mood, work smoothly.

Recommended Today

How to Build a Cybersecurity Career

Original text:How to Build a Cybersecurity Career How to build the cause of network security Normative guidelines for building a successful career in the field of information security fromDaniel miesslerstayinformation safetyCreated / updated: December 17, 2019 I’ve been doing itinformation safety(now many people call it network security) it’s been about 20 years, and I’ve spent […]