Django will keep a csrftoken=gvzb3ilhlgadishmascacsilreclherlkjhaklsdv3qx4m96xrg88omscdpqakomxj in the browser's cookie;
This is generated from Django, and Django checks the value of the X-csrftoken entry in the headers of each HTTP request with the same value stored in the cookie, and if it is not the same or missing, rejects the request, if the same Indicates that this request was initiated from a real user.
So all we have to do is add X-csrftoken:csrftoken value to the headers of each request.
The configuration code for Axios is as follows:
//add request blocker, intercept before sending request, operate on request This. $http. interceptors.request.use (config) ={config.headers[' X-requested-with '] = ' XMLHttpRequest '; Let regex=/.*csrftoken= ([^;.] *).*$/;//used to match csrftoken values from cookiesconfig.headers[' X-csrftoken ' = Document.cookie.match (regex) = = =NULL?NULL: Document.cookie.match (regex) [1]; returnconfig}); //send a POST request This. $http ({method:' Post ', URL:' http://127.0.0.1:8000/user/', Data: {username:' Abc123 ', Password:' Abc123 ' } });
Axios through Django's CSRF verification