How to move only login page to another server with django (CSRF token missing)

Question

I have a login page with the Django authentication system.

Now, I want to move only the login page to another server (external login page).

So, my purpose is to make username and password fields on another server (external login page), then log in to the Django system.

I made HTML on another server.

    <form method="POST" action="http://djangoserver.com/">
       <input type="text" name="username">
       <input type="password" name="password">
       <input type="submit">
    </form>

However, this shows the error.

Reason given for failure:
    CSRF token missing

I checked the HTML source of the login page that Django automatically created and confirmed there is a CSRF token that the Django middleware makes.

    <form method="POST">
        <input type="hidden" name="csrfmiddlewaretoken" value="VEkMTu0EpmLbMVLRh4h9MOcuvcryIlA0M1USByG7R5PXkgYvMyzAhdKyq7gohpko">
            Username
            <input type="text" name="username" autofocus autocapitalize="none" autocomplete="username" maxlength="150" class="form-control" placeholder="Username" required id="id_username">

            Password
            <input type="password" name="password" autocomplete="current-password" class="form-control" placeholder="Password" required id="id_password">

        <button type="submit">login</button>
    </form>

So, I guess I should mimic this CSRF token in the external login page.

Is there any good suggestion?

Answer 1

Score: 2

You have to add a csrfmiddlewaretoken field to your form. Because this login page is outside of the actual server, you have to create an endpoint in the project to generate the CSRF token, call it with JavaScript and put it in your form. Here is the code:

    <form method="POST" action="http://YOUR-WEBSITE.XYZ/">
       <input type="hidden" name="csrfmiddlewaretoken" id="csrf_token">
       <input type="text" name="username">
       <input type="password" name="password">
       <input type="submit">
    </form>

    <script>
       // Fetch the CSRF token from the Django server
       fetch('http://YOUR-WEBSITE.XYZ/csrf_token/')
          .then(response => response.json())
          .then(data => {
             // Set the CSRF token value in the form
             document.getElementById('csrf_token').value = data.csrf_token;
          });
    </script>

And your view in the application should be something like this:

    from django.http import JsonResponse
    from django.middleware.csrf import get_token

    def get_csrf_token(request):
        # get_token() returns the token for the form and flags the
        # csrftoken cookie to be set on this response
        csrf_token = get_token(request)
        return JsonResponse({'csrf_token': csrf_token})

Make sure to include the URL for this view in your Django server's URL configuration.
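
Why the token field alone is not enough, as an added example that is not part of the answer or of Django's own code: a simplified standard-library model of the checks Django's CSRF middleware applies to a POST (the request origin against the host or `CSRF_TRUSTED_ORIGINS`, then the `csrftoken` cookie, then the masked form token against the cookie's secret). The origins and the helper names (`check_post`, `mask_secret`, `demo`) are constructed for illustration.

```python
import secrets
import string

CHARS = string.ascii_letters + string.digits  # alphabet of Django CSRF strings
SECRET_LEN = 32  # form token = 32-char mask + 32-char masked secret
# Constructed placeholder origins: the Django host and the external login page.
DJANGO, EXTERNAL = "https://django.example", "https://login.example"

def new_secret():
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))

def mask_secret(secret):
    """Form token: a fresh random mask followed by the secret shifted by it."""
    mask = new_secret()
    return mask + "".join(CHARS[(CHARS.index(s) + CHARS.index(m)) % len(CHARS)]
                          for s, m in zip(secret, mask))

def unmask_token(token):
    """Undo mask_secret() to recover the secret the cookie must match."""
    mask, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
                   for c, m in zip(cipher, mask))

def check_post(origin, trusted_origins, cookie_secret, form_token):
    """Return None if the POST is accepted, else the rejection reason."""
    if origin not in (None, DJANGO) and origin not in trusted_origins:
        return "origin not trusted"
    if cookie_secret is None:
        return "CSRF cookie not set"
    if not form_token:
        return "CSRF token missing"
    if len(form_token) != 2 * SECRET_LEN or set(form_token) - set(CHARS):
        return "CSRF token malformed"
    if not secrets.compare_digest(unmask_token(form_token), cookie_secret):
        return "CSRF token incorrect"
    return None

def demo():
    """Four constructed POSTs from the external page to the Django server."""
    secret = new_secret()          # value held in the csrftoken cookie
    token = mask_secret(secret)    # value the token endpoint would return
    return {
        "bare form": check_post(EXTERNAL, [EXTERNAL], secret, ""),
        "token, cookie not sent": check_post(EXTERNAL, [EXTERNAL], None, token),
        "origin not listed": check_post(EXTERNAL, [], secret, token),
        "all aligned": check_post(EXTERNAL, [EXTERNAL], secret, token),
    }

if __name__ == "__main__":
    print(demo())
```

The second case is what a cross-origin `fetch()` without `credentials: 'include'` produces: the browser discards the cookie that accompanies the token, so the later POST carries a token with nothing to compare it to.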
