使用HTTP POST時Django總是回覆403



使用HTTP POST時Django總是使用回覆403, 但是直接用get就可以正常看到寫好的頁面

用curl測試
curl -H "Content-Type:application/json" \
-X POST \
-d '{"from":"10.0.0.4","prod":"MY_NEW_PROD","result":"Success","action_time":"2020-01-14 09:29:41.112"}' \
http://10.0.0.3:8080/api/sendMsg
取得的頁面寫道
 

Forbidden (403)


  CSRF verification failed. Request aborted.

  You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

查了一下是因為Django預設機制會檢測不合法行為, 認為一個正規的POST應該要帶有一些必要資訊避免被跨站攻擊。

但是我只是要模擬Server接收POST資訊沒有真的要拿來架站, 所以套用解法:
https://blog.csdn.net/u010358168/article/details/77511445

註解掉settings.py的django.middleware.csrf.CsrfViewMiddleware,就可以正常接收POST

留言