Django #CSRF
开启CSRF保护
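<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Title</title>
</head>
<body>
  {# Login page showing Django CSRF protection for a regular form POST and for a jQuery AJAX POST. #}
  <form action="login.html" method="POST">
    {% csrf_token %}
    {# The token string is handed out when the page is served and must be sent back on submit; without CSRF protection another website could submit POST requests to this site on the user's behalf. #}
    <input type="text" name="username" placeholder="用户名">
    {# type="password" masks the value on screen; the original used type="text". #}
    <input type="password" name="pwd" placeholder="密码">
    <input type="submit" value="登录">
    <input id="btn" type="button" value="提交">
  </form>

  {# NOTE(review): jQuery 1.x is no longer maintained; serve a current release where possible. #}
  <script src="/static/jquery-1.12.4.js"></script>
  <script src="/static/jquery.cookie.js"></script>
  <script>
    $(function () {
      // Safe (read-only) HTTP methods are not CSRF-checked, so they need no token.
      function csrfSafeMethod(method) {
        return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
      }

      // Attach the CSRF token to every state-changing AJAX request made with jQuery.
      // The token is only sent to our own origin: adding it to cross-domain requests
      // would disclose it to third parties.
      // NOTE(review): reading the cookie from JavaScript stops working if
      // CSRF_COOKIE_HTTPONLY or CSRF_USE_SESSIONS is enabled; in that case read the
      // value of the hidden csrfmiddlewaretoken input instead.
      $.ajaxSetup({
        beforeSend: function (xhr, settings) {
          if (!csrfSafeMethod(settings.type) && !settings.crossDomain) {
            xhr.setRequestHeader('X-CSRFtoken', $.cookie('csrftoken'));
          }
        }
      });

      $('#btn').click(function () {
        $.ajax({
          url: '/login/',
          type: 'POST',
          // Fixed: the option is `data`; the original `date` key was ignored by
          // jQuery, so the request body was sent empty.
          // Hard-coded demo values only; real code reads the form inputs and never
          // embeds credentials in page source.
          data: {'user': 'root', 'pwd': '123'},
          {# Per-request alternative to ajaxSetup: headers:{'X-CSRFtoken':$.cookie('csrftoken')}, #}
          success: function (arg) {
          }
        });
      });
    });
  </script>
</body>
</html>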