tornado在setting中设置了"xsrf_cookies" : True,则需要在表单中添加{% module xsrf_form_html() %}。
但ckeditor如何传xsrf_cookies这个值,每次上传图片都显示'_xsrf' argument missing from POST。
如果把"xsrf_cookies"设置为False则上传成功。
下面是上传的代码
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
|
Handler的URL (r'/upload/', ckuploadHandeler),
显示错误`WARNING:tornado.general:403 POST /upload/?CKEditor=context&CKEditorFuncNum=1&langCode=zh (127.0.0.1): '_xsrf' argument missing from POST
`
如何在上传图片的时候把xsrf_cookies也post过去?
html代码:
1 2 3 4 5 6 7 |
|
PHP中文网2017-04-17 15:44:12
You can choose to override the check_xsrf_cookie()
method and not check the upload request
I just looked at the source code of tornado, you just need to do thischeck_xsrf_cookie()
方法,对上传这个请求不做检查
我刚才看了下tornado的源代码,你只要这么做就行
Modify the source code of ckeditor.js, find the line修改ckeditor.js的源代码,找到
<form enctype="multipart/form-data" method="POST" ...
<form enctype="multipart/form-data" method="POST" ...
(find it by searching) and edit it Generate the form code, add an input, type=hidden, value is to take the _xsrf value from the cookie) and that's it. In html, you still need to write {% module xsrf_form_html() %} (in the source code of tornado, executing xsrf_form_html() will call set_cookie('_xsrf')), so that there will be _xsrf value in the cookie Yes, just bring it up using the method mentioned above.
1 2 3 4 |
|