Django解决CSRF请求处理

一、在提交的前端页面中写入js代码片段

// get cookie using jQuery
function getCookie(name) {
    let cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        let cookies = document.cookie.split(';');
        for (let i = 0; i < cookies.length; i++) {
            let cookie = jQuery.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}

function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}

// Setting the token on the AJAX request
$.ajaxSetup({
    beforeSend: function (xhr, settings) {
        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
        }
    }
});

二、后台管理

get 请求的时候设置
post请求的时候, 应该携带csrf_token 

后台设置 set_cookie  csrf_token  :   
1. {% csrf_token %} 模板标签方式
2. @method_decorator(ensure_csrf_cookie)
from django.views.decorators.csrf import ensure_csrf_cookie
from django.utils.decorators import method_decorator
3. 自定义中间件 get_token(request)
from django.middleware.csrf import get_token

中间件文件写的内容：

from django.utils.deprecation import MiddlewareMixin
from django.middleware.csrf import get_token


# create your middleware there
class MyCSRFMiddleware(MiddlewareMixin):

    def process_request(self, request):
        get_token(request)