You need to decorate the dispatchmethod for csrf_exemptto work. What it does is set an csrf_exemptattribute on the view function itself to True, and the middleware checks for this on the (outermost) view function. If only a few of the methods need to be decorated, you still need to use csrf_exempton the dispatchmethod, but you can use csrf_protecton e.g. put(). If a GET, HEAD, OPTIONSor TRACEHTTP method is used it won't be checked whether you decorate it or not.

您需要装饰dispatch方法csrf_exempt才能工作。它所做的是将csrf_exempt视图函数本身的一个属性设置为True，中间件会在（最外面的）视图函数上检查这一点。如果只有几个方法需要修饰，你仍然需要csrf_exempt在dispatch方法上使用，但是你可以使用csrf_protect在例如put()。如果GET，HEAD，OPTIONS或TRACE使用HTTP方法不管你把装修与否也不会被选中。

class ChromeLoginView(View):
    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(ChromeLoginView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return JsonResponse({'status': request.user.is_authenticated()})

    def post(self, request):
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                return JsonResponse({'status': True})
        return JsonResponse({'status': False})

As @knbk said, this is the dispatch()method that must be decorated.

正如@knbk 所说，这是dispatch()必须装饰的方法。

Since Django 1.9, you can use the method_decoratordirectly on a class:

从 Django 1.9 开始，您可以method_decorator直接在类上使用：

from django.utils.decorators import method_decorator

@method_decorator(csrf_exempt, name='dispatch')
class ChromeLoginView(View):

    def get(self, request):
        return JsonResponse({'status': request.user.is_authenticated()})

    def post(self, request):
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                return JsonResponse({'status': True})
        return JsonResponse({'status': False})

This avoids overriding the dispatch()method only to decorate it.

这避免了重写dispatch()方法只是为了装饰它。

If you are looking for Mixins to match your needs, then you can create a CSRFExemptMixin and extend that in your view no need of writing above statements in every view:

如果您正在寻找 Mixins 来满足您的需求，那么您可以创建一个 CSRFExemptMixin 并在您看来扩展它，而无需在每个视图中编写上述语句：

class CSRFExemptMixin(object):
   @method_decorator(csrf_exempt)
   def dispatch(self, *args, **kwargs):
       return super(CSRFExemptMixin, self).dispatch(*args, **kwargs)

After that Extend this in your view like this.

之后，像这样在您的视图中扩展它。

class ChromeLoginView(CSRFExemptMixin, View):

You can extend that in any view according to your requirement, That's reusability! :-)

您可以根据您的要求在任何视图中扩展它，这就是可重用性！:-)

Cheers!

干杯!

Django bracesprovides a CsrfExemptMixinfor this.

Django 大括号CsrfExemptMixin为此提供了一个。

from braces.views import CsrfExemptMixin

class ChromeLoginView(CsrfExemptMixin, View):
    ...