4👍
✅
UPDATE
I worked out this problem by firstly getting the sessionID, passing it to Django by AJAX;
In Chrome extension:
var sessionid = '';
chrome.cookies.get(
{url:'http://localhost', name:'sessionid'},
function(cookie) {
sessionid = cookie.value;
});
Get csrf token the same way; POST both to Django; If you use GET, no need for csrf_token.
Remember to set permission in manifest.json: "http://localhost"
In Django program:
sessionid = request.POST['sessionid']
s = Session.objects.get(pk=sessionid) # From django_session table
s_data = s.get_decoded() # s_data is a dictionary
user_id = s_data['_auth_user_id']
with this user id, I can get and set the user’s data. I am not sure if this is safe.
👤Yifu
Source:stackexchange.com