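There are a few points to watch when handling PUT requests in Django:
CSRF configuration
To guard against cross-site request forgery, Django checks the CSRF token on POST/PUT/DELETE requests by default. For POST the token can be sent as one of the POST parameters, but for PUT/DELETE Django can only check the token through a request header.
So make sure the HTML page sets the Ajax header before any request is sent: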
function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
// csrftoken must already hold the token value (e.g. read from Django's csrftoken cookie)
$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        // Attach the token only to unsafe, same-origin requests
        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", csrftoken);
        }
    }
});
Sending PUT/DELETE requests via Ajax
Points to note:
- Set type to PUT (DELETE works the same way)
- The url must end with /
$.ajax({
    url: dbUrl + tableName + "/", // Append a trailing slash for the PUT request
    type: "PUT",
    data: {"key": key, "field": field, "field-value": input.value},
    success: function(result) {
        input.style.backgroundColor = "#b3ffb3";
    },
    error: function(jqXHR, textStatus, errorThrown) {
        // On failure, flag the field and restore the previous value
        input.style.backgroundColor = "#ffad99";
        input.value = oldValue;
    }
});
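The same client-side rules without jQuery, as an added example that is not code from the original post: the token header goes only on unsafe, same-origin requests, the URL gets its trailing slash, and the body is form-encoded. The names buildRequest and getCookie, the host app.example.test and the cookie values are constructed for illustration, and it assumes Django's default csrftoken cookie is readable by script.

```javascript
// Added example, not from the original post. buildRequest/getCookie are
// hypothetical names; all hosts and cookie values below are constructed.

function csrfSafeMethod(method) {
  // Same rule as the page's snippet: these methods need no CSRF token.
  return /^(GET|HEAD|OPTIONS|TRACE)$/.test(method);
}

// Extract one cookie from a document.cookie-style string ("a=1; b=2").
function getCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build the URL and fetch() options for a request issued by a page at pageOrigin.
function buildRequest(method, url, params, pageOrigin, cookieString) {
  const verb = method.toUpperCase();
  const target = new URL(url, pageOrigin);
  // The page requires the URL to end with "/".
  if (!target.pathname.endsWith("/")) target.pathname += "/";

  const init = { method: verb, headers: {}, credentials: "same-origin" };
  if (csrfSafeMethod(verb)) return { url: target.href, init };

  // Form-encode the body so the backend can parse it with QueryDict(request.body).
  init.headers["Content-Type"] = "application/x-www-form-urlencoded";
  init.body = new URLSearchParams(params).toString();

  // Never send the token to another origin: that would disclose it to a third party.
  if (target.origin === new URL(pageOrigin).origin) {
    const token = getCookie(cookieString, "csrftoken");
    if (token === null) throw new Error("csrftoken cookie not found");
    init.headers["X-CSRFToken"] = token;
  }
  return { url: target.href, init };
}

// Constructed sample input.
const sampleCookies = "sessionid=constructed-session; csrftoken=constructed-token-123";
const put = buildRequest("put", "/db/users",
  { key: "42", field: "name", "field-value": "Alice B" },
  "https://app.example.test", sampleCookies);
console.log(put.url, put.init);
```

In a browser the result would be passed on as fetch(put.url, put.init), with document.cookie and location.origin supplying the last two arguments.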
Handling the parameters on the backend
For PUT/DELETE requests Django does not provide a dictionary structure the way it does for POST/GET. We have to parse request.body ourselves to get the parameters:
from django.http import QueryDict
put = QueryDict(request.body)
key = put.get('key')
field = put.get('field')
field_value = put.get('field-value')