
A beginner's question about POST and CSRF

mitto_go • 8 years ago • 3910 views

I'm new to Django. While implementing a simple example, I got this error:

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    Your browser is accepting cookies.
    The view function uses RequestContext for the template, instead of Context.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

The program is supposed to return hello world once the form has been filled in and submitted. The code is as follows:

setting.py (excerpt)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
)

views.py

from django.shortcuts import render_to_response

from django.http import HttpResponse,Http404
from models import *
from form import *
from django.core.context_processors import csrf

def listt(request):
    if request.method=='POST':
        return HttpResponse('hello world')
    form= mybook()
    return render_to_response('2.html',{'form':form})

form.py

from django import forms

class mybook(forms.Form):
    name=forms.CharField()
    author=forms.CharField()
    date=forms.CharField()

2.html

<html>
<body>

    <h1>hahaha</h1>
    <method="post">{% csrf_token %}
    {{form.as_p}}
    <input type="submit" name="ok">
    </form>

</body>
</html>

I consulted https://docs.djangoproject.com/en/dev/ref/csrf/#ref-contrib-csrf and http://www.cnblogs.com/BeginMan/p/3460300.html, but that did not solve the problem.

Article URL: http://www.python88.com/topic/1239
 
Posts [ 4 ]  |  Latest post 8 years ago
Reply #1 • mitto_go • 8 years ago

@MCC That's the right answer! Thanks for the help.

Reply #2 • mitto_go • 8 years ago

@shen_gan Something went wrong when I uploaded it; it should be

<form method="post">{% csrf_token %}

Reply #3 • shen_gan • 8 years ago

Looking at your template file, there seems to be a problem: is the opening <form> tag missing?

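Reply #4 • MCC • 8 years ago

# blabla (other imports as in the question)
from django.http import HttpResponse
from django.shortcuts import render_to_response
from django.template import RequestContext
from form import mybook

def listt(request):
    if request.method == 'POST':
        return HttpResponse('hello world')
    form = mybook()
    # RequestContext runs the context processors, which supply the value for {% csrf_token %}
    return render_to_response('2.html', {'form': form}, context_instance=RequestContext(request))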