First, a brief description of CSRF:
CSRF stands for cross-site request forgery (also abbreviated XSRF). The name means a forged cross-site request: making a user's browser issue GET/POST requests to some CGI endpoint inside that user's existing session, actions the user does not know about and never intended. An attacker can use it to ride (hijack) the HTTP session.
A website identifies the user by a cookie. Once the user has authenticated, the browser is given a cookie that identifies that user, and as long as the browser is not closed and the user does not log out, later visits to the site are authenticated by this cookie alone. If the browser can be made to request URLs of the site, it may perform actions the user did not want (such as modifying the profile). Because the request is not one the user really meant to make, it is called request forgery; and because such requests can also be issued from a third-party web site, the prefix cross-site is added.
When you enable `_xsrf` protection and then submit the form with AJAX, you get the error "'_xsrf' argument missing from POST".
The first thing that comes to mind is that the form's input is not type="submit" but a button (for the AJAX submission). Changing it to a submit does fix the error, but it makes the AJAX pointless, because you can no longer stop the form's own action. Alternatively you can add onsubmit="return user_login();" to the form tag:
    <form action="/check_login_action" method="post" onsubmit="return user_login();">
      <dl>
        <h2>User Login</h2><hr>
        <dt>Account: <input id="user_name" name="user_name" type="text" placeholder="Enter account" />
            <a href="register_user.html">Register an account</a></dt>
        <dt>Password: <input id="user_password" name="user_password" type="password" placeholder="Enter password" />
            <a href="find_password.html">Retrieve password</a></dt>
        {% raw xsrf_form_html() %}
        <dt><input type="submit" value="Login"></dt>
      </dl>
    </form>
But that throws away the advantages of AJAX, so if you must use AJAX (it is at least very convenient for echoing values back to the page), you can read the _xsrf value inside the JS and send it along to the backend yourself:
    function user_login() {
        // The hidden _xsrf input is rendered into the form by xsrf_form_html()
        var _xsrf = $("input[name='_xsrf']").val();
        var user_name = $("#user_name").val();
        var username = check(1, user_name);   // check() is the page's own field validator (not shown here)
        if (username.split('#')[0] == 'F') {
            alert(username.split('#')[1]);
        } else {
            var user_password = $("#user_password").val();
            var userpass = check(2, user_password);
            if (userpass.split('#')[0] == 'F') {
                alert(userpass.split('#')[1]);
            } else {
                var xmlhttp;
                if (window.XMLHttpRequest) {
                    xmlhttp = new XMLHttpRequest();
                } else {
                    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");   // legacy IE
                }
                xmlhttp.onreadystatechange = function () {
                    if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                        // JSON.parse instead of eval(): the response is parsed, not executed
                        var json_login = JSON.parse(xmlhttp.responseText);
                        if (json_login.returnedjson.infostatus == 'T') {
                            alert(json_login.returnedjson.infomsg);
                            window.location.href = "/personal_account_temp";
                            // obj.action = "/check_login_action";
                        } else {
                            alert(json_login.returnedjson.infomsg);
                            $("#user_name").val("");
                            $("#user_password").val("");
                            $("#user_name").focus();
                        }
                    }
                };
                // Append _xsrf to the form body; the backend then receives it automatically
                var user_mess = "user_name=" + encodeURIComponent(user_name)
                    + "&user_password=" + encodeURIComponent(user_password)
                    + "&_xsrf=" + encodeURIComponent(_xsrf);
                xmlhttp.open("POST", "/check_login_action", true);
                xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded;charset=utf-8");
                xmlhttp.send(user_mess);
            }
        }
        return false;   // stop the form's own (non-AJAX) submission
    }
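To show why the AJAX request above must carry the token, here is an added Python example (not the blog's code and not Tornado's own implementation) that models the double-submit check a Tornado handler performs when xsrf_cookies is enabled: the `_xsrf` value from the POST body (or an X-XSRFToken / X-CSRFToken header) must match the `_xsrf` cookie. The `Request` class, the sample cookies and bodies are constructed, and the comparison is a simplified, unmasked one; the two error strings are the ones Tornado reports.

```python
import hmac
from urllib.parse import parse_qs, urlencode

# Error texts as reported by Tornado's xsrf check; everything else is a constructed model.
XSRF_MISSING = "'_xsrf' argument missing from POST"
XSRF_MISMATCH = "XSRF cookie does not match POST argument"


class Request:
    """Constructed stand-in for an incoming POST: cookies, urlencoded body, headers."""

    def __init__(self, cookies, body="", headers=None):
        self.cookies = cookies
        self.form = {k: v[0] for k, v in parse_qs(body).items()}
        self.headers = headers or {}


def check_xsrf(request):
    """Simplified double-submit check: submitted token must equal the _xsrf cookie.

    Returns (status, message). A third-party page can make the browser send the
    cookie, but it cannot read the cookie to copy it into the body, which is why
    a forged cross-site POST fails here while the site's own AJAX succeeds.
    """
    cookie_token = request.cookies.get("_xsrf")
    submitted = (request.form.get("_xsrf")
                 or request.headers.get("X-XSRFToken")
                 or request.headers.get("X-CSRFToken"))
    if not submitted:
        return 403, XSRF_MISSING            # the error the blog post ran into
    if not cookie_token or not hmac.compare_digest(cookie_token, submitted):
        return 403, XSRF_MISMATCH
    return 200, "ok"


def build_ajax_body(fields, xsrf_token):
    """Build the urlencoded body the page's user_login() sends, with _xsrf appended."""
    return urlencode(dict(fields, _xsrf=xsrf_token))


if __name__ == "__main__":
    cookies = {"_xsrf": "constructed-token-123"}
    # 1. AJAX body without the token: the situation described in the post
    print(check_xsrf(Request(cookies, "user_name=alice&user_password=pw")))
    # 2. Same body with _xsrf appended, as the fixed user_login() does
    body = build_ajax_body({"user_name": "alice", "user_password": "pw"}, cookies["_xsrf"])
    print(check_xsrf(Request(cookies, body)))
    # 3. Token sent in a header instead of the body (also accepted)
    print(check_xsrf(Request(cookies, "user_name=alice", {"X-XSRFToken": cookies["_xsrf"]})))
    # 4. Token present but not matching the cookie
    print(check_xsrf(Request(cookies, "user_name=alice&_xsrf=other")))
```

Case 1 reproduces the 403 with "'_xsrf' argument missing from POST"; case 2 is the post's fix; case 3 shows the header alternative, which is convenient when the AJAX body is JSON rather than a urlencoded form.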
Problem solved.
Resolving the "'_xsrf' argument missing from POST" error when submitting to the backend from JS (AJAX)