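// Read the CSRF token value from the cookie.

/**
 * Look up a cookie by name in document.cookie.
 *
 * @param {string} name - Cookie name to look for.
 * @returns {string|null} The URI-decoded cookie value, or null when no cookie
 *   with that name is visible to script. A cookie flagged HttpOnly is never
 *   visible here, so in that setup this returns null and the token has to
 *   reach the page another way.
 */
function getCookie(name) {
  var cookieValue = null;
  if (document.cookie && document.cookie !== '') {
    var cookies = document.cookie.split(';');
    var prefix = name + '=';
    for (var i = 0; i < cookies.length; i++) {
      // Native trim replaces jQuery.trim, which newer jQuery releases deprecate.
      var cookie = cookies[i].trim();
      // Does this cookie string begin with the name we want?
      // Matching on "name=" keeps a cookie whose name merely starts with
      // `name` from being picked up.
      if (cookie.substring(0, prefix.length) === prefix) {
        cookieValue = decodeURIComponent(cookie.substring(prefix.length));
        break;
      }
    }
  }
  return cookieValue;
}

// Token as it was when the script loaded; kept as a global for existing callers.
var csrftoken = getCookie('csrftoken');

// Put the CSRF token into the AJAX request header so that subsequent AJAX
// requests carry it automatically.

/**
 * Tell whether an HTTP method is exempt from CSRF protection.
 *
 * @param {string} method - HTTP method name in upper case, as compared by the
 *   case-sensitive pattern below.
 * @returns {boolean} true for GET, HEAD, OPTIONS and TRACE.
 */
function csrfSafeMethod(method) {
  // These HTTP methods do not require CSRF protection. That only holds if the
  // server never changes state in response to them.
  return /^(GET|HEAD|OPTIONS|TRACE)$/.test(method);
}

$.ajaxSetup({
  /**
   * Attach the CSRF token to state-changing, same-origin requests.
   *
   * @param {object} xhr - Request object that receives the header.
   * @param {object} settings - Settings of the request being sent.
   */
  beforeSend: function (xhr, settings) {
    // The crossDomain check keeps the token from being sent to another origin.
    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
      // Prefer the cookie as it is now (the value can change while the page is
      // open, for example if the server issues a new token at login) and fall
      // back to the value captured at load time.
      var token = getCookie('csrftoken') || csrftoken;
      // Without a token, send no header at all rather than the literal string
      // "null"; the server-side check rejects the request either way.
      if (token) {
        xhr.setRequestHeader('X-CSRFToken', token);
      }
    }
  }
});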
AJAX配置csrf
原文地址:https://www.cnblogs.com/wanglongtai/p/8747611.html