将 django 与邮递员一起使用 {“detail":“CSRF 失败:CSRF 令牌丢失或不正确."}

本文介绍了将 django 与邮递员一起使用 {“detail":“CSRF 失败:CSRF 令牌丢失或不正确."}的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在使用邮递员检查来自我的 django-rest-framework 的 json 响应.

I'm using postman to check json response from my django-rest-framework.

当我第一次尝试通过 POST 方法将 ID、电子邮件、密码发布到 AWS(亚马逊网络服务)上的 django 时，它运行良好.它返回如下:

When my first try to post id, email, password through POST method to my django on AWS(amazon web services), it works well. It returned like:

{ "key": "99def123123123123d88e15771e3a8b43e71f" }

但是在第一次尝试之后，换句话说，从第二次尝试它返回了

But after first try, the other words, from second try it returned

{"detail":"CSRF Failed: CSRF token missing or incorrect."}

(另外编辑 +)我的腻子终端说 "POST/rest-auth/login/HTTP/1.1" 403 58

(Additionally edit +) My putty terminal says "POST /rest-auth/login/ HTTP/1.1" 403 58

我看到kechengpuzi/q/s31108075，但是不合适我的情况.

I saw kechengpuzi/q/s31108075, but it is not proper to my case.

并来自 django-rest-framework.narkive/sCyJk3hM/authentication-ordering-token-vs-session，我找不到使用邮递员的解决方案

and from django-rest-framework.narkive/sCyJk3hM/authentication-ordering-token-vs-session, i can't find solution which is using postman

如何正确使用邮递员?

How can i use postman appropriately?

或者你能推荐其他使用的工具吗?

Or Could you recommend other tools to use?

我正在使用retrofit2 制作android 应用程序所以我需要工具来检查POST、GET 方法和响应.

I'm making android application with retrofit2 So I need tools to check POST, GET method and responses.

推荐答案

你的 api 需要 CSRF 令牌，你必须将 CSRF 令牌添加到请求(和邮递员)中:

Your api need CSRF token, you have to add CSRF token to the request(and postman):

data: { csrfmiddlewaretoken: csrf_token, "username": "thesamething", "email": "thesamething", "password": "thesamething" }

您可以从表单输入字段中获取 CSRF 令牌(如果您使用 django 内置表单 api，您会发现一个隐藏字段)或者如果您使用 Ajax，您可以查看 跨站请求伪造保护.和你的授权密钥无关，你的密钥是用来识别的你是谁，CSRF 令牌是为了确保这个请求是从你的服务器发送的.

You can get CSRF token from your form input field(you will find a hidden field if you use django build-in form api) or if you use Ajax, you can have a look at Cross Site Request Forgery protection.It has nothing to do with your authorization key, your key is use to identify who you are, and CSRF token is to make sure this request is send from your server.