Do I need a CSRF token for jQuery .ajax()?

后端未结

关注

 4  1429

野趣味 2020-12-08 07:20

So I\'ve got a basic .ajax() POST method to a PHP file.

What security measures do I need?

A few posts around were mentioning using a hidden MD5 input field t

4条回答

盖世英雄少女心 (楼主)

2020-12-08 07:55

Here's a simple demo you can try with django:

On HTML page

{%block content%}

{%csrf_token%}
  
  

{%endblock%}

Java-Script Code

%(document).on('submit','#userForm',function(e){
   e.preventDefault();

 $.ajax({

    type = 'POST',

    url:'path/to/url',

    data:{
     username:$('#username').val(),
     password:$('#password').val(),
     csrfmiddlewaretoken:$('input[name=csrfmiddlewaretoken').val()
    },

   success:function(data){
       alert('Successfull');
   }
  });

});

0 讨论(0)

查看其它4个回答