django token:
1 utils middlewares.py, csrf-token
from django.middleware.csrf import get_token
from django.utils.deprecation import MiddlewareMixin
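class Middleware(MiddlewareMixin):
    """Ensure the CSRF cookie is issued on every request, not only on form pages.

    Django normally sends the ``csrftoken`` cookie only when a template
    renders ``{% csrf_token %}`` or a view calls ``get_token()``. Pages that
    talk to the backend purely through Ajax never trigger that, so the
    script has no cookie to read. Calling ``get_token()`` for every request
    marks the token as used, which makes ``CsrfViewMiddleware`` attach the
    cookie to the response.

    This only provisions the token. Validation of unsafe requests is still
    done by ``django.middleware.csrf.CsrfViewMiddleware``, which must stay
    enabled in ``MIDDLEWARE``.
    """

    def process_request(self, request):
        """Request the CSRF token for ``request`` so the cookie gets set.

        Returns ``None`` so that Django continues with the remaining
        middleware and the view.
        """
        # The return value is deliberately discarded: the call is made for
        # its side effect of flagging the cookie to be sent.
        get_token(request)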
2 js
// jq
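/**
 * Return the decoded value of the cookie called `name`, or null when the
 * page has no cookie with that name.
 *
 * Used to read Django's `csrftoken` cookie so it can be echoed back in the
 * `X-CSRFToken` request header. Script can only read that cookie while
 * CSRF_COOKIE_HTTPONLY is False (Django's default) and CSRF_USE_SESSIONS is
 * off; with either enabled the token has to be taken from the rendered page.
 *
 * The returned value is a secret tied to the user's session: keep it out of
 * console output, logs and URLs.
 *
 * @param {string} name - Cookie name to look up (exact, case-sensitive).
 * @returns {string|null} URL-decoded cookie value, or null if absent.
 */
function getCookie(name) {
    let cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        // Matching on "name=" avoids a hit on a longer name sharing the prefix.
        const prefix = name + '=';
        for (const rawCookie of document.cookie.split(';')) {
            // Native trim replaces jQuery.trim, deprecated since jQuery 3.5,
            // so the helper no longer depends on jQuery being loaded.
            const cookie = rawCookie.trim();
            if (cookie.startsWith(prefix)) {
                cookieValue = decodeURIComponent(cookie.substring(prefix.length));
                break;
            }
        }
    }
    return cookieValue;
}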
// csrf-token Ajax
$.ajax({
    // State-changing request, so Django's CSRF check applies to it.
    type: 'POST',
    // Relative URL: the request stays on the page's own origin, so the
    // token header is never sent to another site.
    url: '/',
    // The body is sent as JSON (not form-encoded) ...
    contentType: 'application/json; charset=utf-8',
    // ... and the response is parsed as JSON.
    dataType: 'json',
    // With a JSON body there is no csrfmiddlewaretoken form field, so the
    // token read from the csrftoken cookie travels in the X-CSRFToken header.
    headers: {'X-CSRFToken': getCookie('csrftoken')},
    data: JSON.stringify(Sdata),
});
3 settings
# Middleware runs in list order on the way in and in reverse on the way out,
# so the position of each entry matters.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # Validates the CSRF token on unsafe requests; must stay enabled for the
    # X-CSRFToken header sent by the Ajax call to be checked at all.
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Project middleware, presumably the get_token() class from
    # utils/middlewares.py; it is listed after CsrfViewMiddleware.
    # NOTE(review): 'djangpr' may be a typo for the project package name -
    # confirm the dotted path resolves.
    'djangpr.utils.middlewares.Middleware',
]
:
vim /etc/hostname vim
:root@css:
reboot
:
useradd -m cssuser cssuser
passwd cssuser cssuser
:
root@css:~# useradd -m cssuser
root@css:~# passwd cssuser
Enter new UNIX password:( )
Retype new UNIX password:( )
passwd: password updated successfully
vim /etc/passwd
root:x:0:0:root:/root:/bin/bash #
# /bin/bash cssuser
cssuser:x:1000:1000::/home/cssuser:/bin/bash #
Give cssuser sudo rights:
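root@css:~# chmod 777 /etc/sudoers (make the file writable for editing; 777 leaves it world-writable until the mode is restored, whereas visudo edits it without changing the mode)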
root@css:~# vim /etc/sudoers
root@css:~# chmod 777 /etc/sudoers
root@css:~# vim /etc/sudoers
Below the root line, add a line for cssuser (it gives cssuser the same unrestricted sudo rights as root):
root ALL=(ALL:ALL) ALL
cssuser ALL=(ALL:ALL) ALL
root@css:~# chmod 440 /etc/sudoers (restore the read-only mode)
, xshell