问题
I have a CSRF token issue that only occurs in MS Edge and IE11 - it works fine in Chrome, Firefox and even IE9.
The problem only occurs when doing Http post via Ajax. It gives me Http403 forbidden error.
I have followed the guide in Django here: https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/
Do I need to add some extra headers for IE11 / MS Edge? Has anyone else encountered this problem?
回答1:
2 hours later, and I found the answer myself...
To those who might have the same issue with Microsoft Edge and IE11, the fix lies with the setting CSRF_COOKIE_DOMAIN.
I tried setting it like this:
CSRF_COOKIE_DOMAIN = "subdomain.domain.com"
However, that did not work, even though it was a subdomain site. Setting it like this works like a charm:
CSRF_COOKIE_DOMAIN = ".domain.com"
来源:https://stackoverflow.com/questions/39575084/csrf-issue-with-microsoft-edge-and-ie11