CSRF 확인에 실패했습니다. 요청이 중단되었습니다. AJAX 실수?

Question

AJAX를 사용하여 백도어 (장고)에 total_time을 보내려고합니다. 그러나 게시 할 때마다 403 오류가 발생합니다 (CSRF 확인에 실패했습니다. 요청이 중단되었습니다.). passage_detail.html에서

: views.py에서

$(function() { 
     $('#id_user_passage').on('keyup', function (e) { 
      if (e.which === 13) { 
       var total_time = (new Date()).getTime() - $(this).data('total_time'); 
       $(this).data('total_time', 0); 
       console.log('Time passed : ' + total_time + ' milliseconds'); 
       $.ajax({ 
        url : '/typer/passage_detail/{{ p_slug }}/', 
        type : "POST", 
        data : total_time, 
        processData: false 
       }); 

      } else if (!$(this).data('total_time')) { 
       $(this).data('total_time', (new Date()).getTime()); 
      } 
     }); 
    }); 

: 데프 passage_detail (요청, passage_name_slug) : 인쇄 URL의

context_dict = {} 

    current_passage = get_object_or_404(Passage, slug=passage_name_slug) 

    context_dict['passage'] = current_passage 
    context_dict['p_name'] = current_passage.name 
    context_dict['p_slug'] = current_passage.slug 
    context_dict['p_text_body'] = current_passage.text_body 
    context_dict['p_wlength'] = current_passage.total_words 
    context_dict['p_clength'] = current_passage.total_chars 

    if request.method == 'POST': 
     print("I am a form") 
     form = PassageTestForm(request.POST) 

     if form.is_valid(): 
      print("I am valid") 
      user_passage = form.save(commit=False) 
      current_user = request.user 
      body = user_passage.user_passage 
      body_split = re.findall(r'((?:(?<=^\s)\s*)?\S+\s*(?=\s\S|$))', body) 
      body_clength = len(body) 
      body_wlength = len(body_split) 
      errors, accuracy, error_indices, user_nws = checkString.checkWord(current_passage.text_body, user_passage.user_passage) 

      user_passage.errors = errors 
      user_passage.accuracy = accuracy 
      user_passage.total_chars = body_clength 
      user_passage.total_words = body_wlength 
      user_passage.passage = current_passage 
      user_passage.user = current_user 
      print(request.POST['total_time']) 


      user_passage.save() 
      user_id = current_user.id 


      return passage_result(request, current_passage.slug) 
     else: 
      print(form.errors) 
    else: 
     form = PassageTestForm() 

    context_dict['form'] = form 

    return render(request, 'typer/passage_detail.html', context_dict) 

("내가 뭔가를하고 있어요"). py :

urlpatterns = patterns('', 
        url(r'^$', views.index, name='index'), 
        url(r'^passage_detail/(?P<passage_name_slug>[\w\-]+)/$', views.passage_detail, name='passage_detail'), 
        url(r'^passage_result/(?P<passage_name_slug>[\w\-]+)/$', views.passage_result, name='passage_result'), 
        url(r'^add_passage/$', views.add_passage, name='add_passage'), 
        url(r'^register/$', views.register, name='register'), 
        url(r'^login/$', views.user_login, name='login'), 
        url(r'^logout/$', views.user_logout, name='logout'), 
        ) 

정확하게 무엇을 잘못하고 있습니까? 내 $ .ajax URL 값이 잘못 되었습니까?

Answer 1

귀하의 게시물과 함께 CSRF 토큰을 보내야합니다. 이것은 jquery cookie plugin에서 Django documents을 사용하는 하나의 해결책입니다.

$(function() { 
    var csrftoken = $.cookie('csrftoken'); 

    function csrfSafeMethod(method) { 
     // these HTTP methods do not require CSRF protection 
     return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); 
    } 

    $.ajaxSetup({ 
     beforeSend: function(xhr, settings) { 
      if (!csrfSafeMethod(settings.type) && !this.crossDomain) { 
       xhr.setRequestHeader("X-CSRFToken", csrftoken); 
      } 
     } 
    }); 
});