我想我的
Android应用程序能够发送一些信息到我的django服务器.所以我做的Android应用程序发送一个发布请求到mysite /上传页面,django的这个页面的视图将基于post数据工作.问题是服务器对post请求的响应,关于csrf验证失败.看看这个问题,似乎我可能必须先从服务器获取一个csrf令牌,然后用该令牌做帖子但是我不知道我该怎么做.编辑:我已经发现,我可以使用视图装饰器@csrf_exempt敲击crsf验证这个视图,但我不知道这是否是最好的解决方案.我的Android代码:
// Create a new HttpClient and Post Header HttpClient httpclient = new DefaultHttpClient(); HttpPost httppost = new HttpPost(URL); // Add your data List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2); nameValuePairs.add(new BasicNameValuePair("scoreone",scoreone)); nameValuePairs.add(new BasicNameValuePair("scoretwo",scoretwo)); httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs)); System.out.println("huzahhhhhhh"); // Execute HTTP Post Request HttpResponse response = httpclient.execute(httppost); BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent())); StringBuffer sb = new StringBuffer(""); String line = ""; String NL = System.getProperty("line.separator"); while ((line = in.readLine()) != null) { sb.append(line + NL); } in.close(); String result = sb.toString(); System.out.println("Result: "+result);
# uploads a players match def upload(request): if request.method == 'POST': scoreone = int(request.POST['scoreone']) scoretwo = int(request.POST['scoretwo']) m = Match.objects.create() MatchParticipant.objects.create(player = Player.objects.get(pk=1),match = m,score = scoreone) MatchParticipant.objects.create(player = Player.objects.get(pk=2),score = scoretwo) return HttpResponse("Match uploaded" ) enter code here
解决方法
编写自己的装饰器,并在您的请求中添加一些“秘密”标题.
https://code.djangoproject.com/browser/django/trunk/django/views/decorators/csrf.py
def csrf_exempt(view_func): """ Marks a view function as being exempt from the CSRF view protection. """ # We could just do view_func.csrf_exempt = True,but decorators # are nicer if they don't have side-effects,so we return a new # function. def wrapped_view(request,*args,**kwargs): return view_func(request,**kwargs) if request.@R_301_338@.has_key('HTTP_X_SKIP_CSRF'): wrapped_view.csrf_exempt = True return wraps(view_func,assigned=available_attrs(view_func))(wrapped_view)