{"id":46,"date":"2011-07-03T12:50:29","date_gmt":"2011-07-03T12:50:29","guid":{"rendered":"http:\/\/www.uturtle.com\/blog\/archives\/46"},"modified":"2013-12-17T02:44:18","modified_gmt":"2013-12-16T17:44:18","slug":"django%ec%97%90%ec%84%9c-ajaxjquery%ec%82%ac%ec%9a%a9%ec%8b%9c-csrf%ea%b4%80%eb%a0%a8%ed%95%b4%ec%84%9c-%ec%95%88%eb%90%98%eb%8a%94forbidden-%ea%b2%bd%ec%9a%b0","status":"publish","type":"post","link":"https:\/\/www.jinukbaek.com\/blog\/ko\/archives\/46","title":{"rendered":"Django\uc5d0\uc11c AJAX(jquery)\uc0ac\uc6a9\uc2dc csrf\uad00\ub828\ud574\uc11c \uc548\ub418\ub294(forbidden) \uacbd\uc6b0"},"content":{"rendered":"

\uc544\ub798\uc758 \ud648\ud398\uc774\uc9c0\uc5d0 \ub4e4\uc5b4\uac00\uc11c \ubb38\uc11c\ub97c \ud655\uc778\ud55c\ub2e4.<\/p>\n

\uc57d \ub450\uac00\uc9c0 \ubc29\ubc95\uc774 \uc788\ub2e4.
\n1. csrf\ub97c \ub044\ub294 \ubc29\ubc95<\/p>\n

\n

\n

\u00a0 \u00a0 from django.views.decorators.csrf import csrf_exempt<\/p>\n

\n

\u00a0 \u00a0 @csrf_exempt<\/b><\/p>\n

\u00a0 \u00a0 def your_Function(request):<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 …<\/p>\n

 <\/p>\n<\/div>\n

2. \uc544\ub798\uc758 \ucf54\ub4dc\ub97c \ucd94\uac00\ud558\uae30<\/p>\n

https:\/\/docs.djangoproject.com\/en\/dev\/ref\/contrib\/csrf\/
\n<\/a>
\n\uc601\uc5b4\ub97c \uc77d\uae30 \uadc0\ucc2e\uc73c\uc2e0 \ubd84\ub4e4\uc744 \uc704\ud574…
\n– JQuery\ub97c \uc0ac\uc6a9\ud558\ub294 \uacbd\uc6b0 \uc544\ub798\uc758 \ucf54\ub4dc\ub97c ajax\ud638\ucd9c\uc774 \ub2f4\uae34 .js\ud30c\uc77c\uc758 \uc801\ub2f9\ud55c \uc704\uce58\uc5d0 \ubcf5\uc0ac\ud558\uba74 \ub429\ub2c8\ub2e4.<\/p>\n

\n

\n

$(document).ajaxSend(function(event, xhr, settings) {<\/p>\n

\u00a0 \u00a0 function getCookie(name) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 var cookieValue = null;<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 if (document.cookie && document.cookie != ”) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 var cookies = document.cookie.split(‘;’);<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 for (var i = 0; i < cookies.length; i++) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 var cookie = jQuery.trim(cookies[i]);<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/\/ Does this cookie string begin with the name we want?<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 if (cookie.substring(0, name.length + 1) == (name + ‘=’)) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 cookieValue = decodeURIComponent(cookie.substring(name.length + 1));<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 break;<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 }<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 }<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 return cookieValue;<\/p>\n

\u00a0 \u00a0 }<\/p>\n

\u00a0 \u00a0 function sameOrigin(url) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \/\/ url could be relative or scheme relative or absolute<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 var host = document.location.host; \/\/ host + port<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 var protocol = document.location.protocol;<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 var sr_origin = ‘\/\/’ + host;<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 var origin = protocol + sr_origin;<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \/\/ Allow absolute or scheme relative URLs to same origin<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 return (url == origin || url.slice(0, origin.length + 1) == origin + ‘\/’) ||<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + ‘\/’) ||<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \/\/ or any other URL that isn’t scheme relative or absolute i.e relative.<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 !(\/^(\\\/\\\/|http:|https:).*\/.test(url));<\/p>\n

\u00a0 \u00a0 }<\/p>\n

\u00a0 \u00a0 function safeMethod(method) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 return (\/^(GET|HEAD|OPTIONS|TRACE)$\/.test(method));<\/p>\n

\u00a0 \u00a0 }<\/p>\n

\n

\u00a0 \u00a0 if (!safeMethod(settings.type) && sameOrigin(settings.url)) {<\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 xhr.setRequestHeader(“X-CSRFToken”, getCookie(‘csrftoken’));<\/p>\n

\u00a0 \u00a0 }<\/p>\n

});<\/p>\n

 <\/p>\n<\/div>\n

\uadf8\ub7ec\uba74, \uc544\ub9c8 \ubb38\uc81c\uac00 \ud574\uacb0\ub418\uc2e4 \uac81\ub2c8\ub2e4.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

\uc544\ub798\uc758 \ud648\ud398\uc774\uc9c0\uc5d0 \ub4e4\uc5b4\uac00\uc11c \ubb38\uc11c\ub97c \ud655\uc778\ud55c\ub2e4. \uc57d \ub450\uac00\uc9c0 \ubc29\ubc95\uc774 \uc788\ub2e4. 1. csrf\ub97c \ub044\ub294 \ubc29\ubc95 \u00a0 \u00a0 from django.views.decorators.csrf import<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[36],"tags":[121,122,123,124,125],"class_list":["post-46","post","type-post","status-publish","format-standard","hentry","category-computer-scienceweb","tag-csrf-ko","tag-django-ko","tag-forbidden-ko","tag-jquery-ko","tag-python-ko"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8gT1J-K","_links":{"self":[{"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/posts\/46","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/comments?post=46"}],"version-history":[{"count":2,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/posts\/46\/revisions"}],"predecessor-version":[{"id":261,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/posts\/46\/revisions\/261"}],"wp:attachment":[{"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/media?parent=46"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/categories?post=46"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jinukbaek.com\/blog\/wp-json\/wp\/v2\/tags?post=46"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}