javascript - How to add Django's CSRF token to the header of a jQuery POST request? - Stack Overflow

admin管理员组

文章数量:1356808

I'm trying to make a Django form with dynamically pre-populated fields: that is, when one field (checkin_type) gets selected from a drop-down menu, other fields get automatically pre-populated with corresponding data. To this end, I would like to send a POST request to the server as soon as a drop-down option is selected.

So far I've tried the following template (following .0/ref/csrf/):

<script src=".3.1/jquery.min.js"></script>
<script src="@2/src/js.cookie.min.js"></script>
<script>
    $(document).ready(function(){
        var csrftoken = Cookies.get('csrftoken');

        $(".auto-submit").change(function() {
            $.post({
                url: "{% url 'get-checkin-type' %}",
                data: $(".auto-submit option:selected").val(),
                headers: {
                    X-CSRFToken: csrftoken
                }
            })
        });
    });
</script>


<form action="" method="post">{% csrf_token %}
    {% for field in form %}
        <div class="{% if field.name == 'checkin_type' %}auto-submit{% endif %}">
            {{ field.errors }}
            {{ field.label_tag }}
            {{ field }}
        </div>
    {% endfor %}
    <input type="submit" value="Send message" />
</form>

However, when I select a drop-down option I get a

new:17 Uncaught SyntaxError: Unexpected token -

which emanates from the X-CSRFToken: csrftoken line:

Can someone point out to me what is wrong with this code? (I tried looking it up from but so far couldn't figure it out).

By the way, it seems from jQuery add CSRF token to all $.post() requests' data that one can also add the CSRF token to the POST request's data, but this doesn't seem like the most elegant approach to me, and the docs state that

For this reason, there is an alternative method: on each XMLHttpRequest, set a custom X-CSRFToken header to the value of the CSRF token.

I'm trying to make a Django form with dynamically pre-populated fields: that is, when one field (checkin_type) gets selected from a drop-down menu, other fields get automatically pre-populated with corresponding data. To this end, I would like to send a POST request to the server as soon as a drop-down option is selected.

So far I've tried the following template (following https://docs.djangoproject./en/2.0/ref/csrf/):

<script src="https://ajax.googleapis./ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr/npm/js-cookie@2/src/js.cookie.min.js"></script>
<script>
    $(document).ready(function(){
        var csrftoken = Cookies.get('csrftoken');

        $(".auto-submit").change(function() {
            $.post({
                url: "{% url 'get-checkin-type' %}",
                data: $(".auto-submit option:selected").val(),
                headers: {
                    X-CSRFToken: csrftoken
                }
            })
        });
    });
</script>


<form action="" method="post">{% csrf_token %}
    {% for field in form %}
        <div class="{% if field.name == 'checkin_type' %}auto-submit{% endif %}">
            {{ field.errors }}
            {{ field.label_tag }}
            {{ field }}
        </div>
    {% endfor %}
    <input type="submit" value="Send message" />
</form>

However, when I select a drop-down option I get a

new:17 Uncaught SyntaxError: Unexpected token -

which emanates from the X-CSRFToken: csrftoken line:

Can someone point out to me what is wrong with this code? (I tried looking it up from https://developer.mozilla/en-US/docs/Web/JavaScript/Reference/Errors/Unexpected_token but so far couldn't figure it out).

By the way, it seems from jQuery add CSRF token to all $.post() requests' data that one can also add the CSRF token to the POST request's data, but this doesn't seem like the most elegant approach to me, and the docs state that

For this reason, there is an alternative method: on each XMLHttpRequest, set a custom X-CSRFToken header to the value of the CSRF token.

• javascript
• jquery
• django
• django-csrf

Share Improve this question Follow asked Mar 1, 2018 at 6:12 Kurt PeekKurt Peek 57.9k104104 gold badges346346 silver badges564564 bronze badges

Add a ment  | 

2 Answers 2

Sorted by: Reset to default 4

You are missing single quote, Try like following.

$(".auto-submit").change(function() {
    $.post({
        url: "{% url 'get-checkin-type' %}",
        data: $(".auto-submit option:selected").val(),
        headers: {
            'X-CSRFToken': csrftoken
        }
    })
});

PSK's solution works, but for the sake of pleteness, here is the approach as outlined by the Django docs after reading a bit further (from https://docs.djangoproject./en/2.0/ref/csrf/#setting-the-token-on-the-ajax-request) which uses a .ajaxSetup to cover all requests once and for all:

<script src="https://ajax.googleapis./ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://cdn.jsdelivr/npm/js-cookie@2/src/js.cookie.min.js"></script>
<script>
    $(document).ready(function(){
        var csrftoken = Cookies.get('csrftoken');

        function csrfSafeMethod(method) {
            // these HTTP methods do not require CSRF protection
            return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
        }
        $.ajaxSetup({
            beforeSend: function(xhr, settings) {
                if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                    xhr.setRequestHeader("X-CSRFToken", csrftoken);
                }
            }
        });

        $(".auto-submit").change(function() {
            $.post({
                url: "{% url 'get-checkin-type' %}",
                data: $(".auto-submit option:selected").val(),
            })
        });
    });
</script>

本文标签： javascriptHow to add Django39s CSRF token to the header of a jQuery POST requestStack Overflow