我想关闭某个post的 CSRF http://www.django-rest-framework.org/api-guide/viewsets/#viewset 里面提到 You can use any of the standard attributes such as permission_classes, authentication_classes in order to control the API policy on the viewset. stack overflow查到 http://goo.gl/k082op 所以我在我的view.py里面加入 from rest_framework.authentication import SessionAuthentication, BasicAuthentication, class CsrfExemptSessionAuthentication(SessionAuthentication): def enforce_csrf(self, request): print('csrf exempt...') #从没跑到这行 return class ItemViewSet(viewsets.ModelViewSet): queryset = Item.objects.all() serializer_class = ItemSerializer # 并且设定authentication_classes authentication_classes = (CsrfExemptSessionAuthentication, BasicAuthentication) 但是我仍然得到 Forbidden (CSRF cookie not set.) 请问我哪边做错了? 谢谢 --

※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 204.96.168.3 ※ 文章网址: https://webptt.com/cn.aspx?n=bbs/Python/M.1472769386.A.336.html