注册    登录
创作新主题
社区所有版块导航
Python
python开源   Django   Python   DjangoApp   pycharm  
DATA
docker   Elasticsearch  
分享
问与答   闲聊   招聘   翻译   创业   分享发现   分享创造   求职   区块链   支付之战  
aigc
aigc   chatgpt  
WEB开发
linux   MongoDB   Redis   DATABASE   NGINX   其他Web框架   web工具   zookeeper   tornado   NoSql   Bootstrap   js   peewee   Git   bottle   IE   MQ   Jquery  
机器学习
机器学习算法  
Python88.com
反馈   公告   社区推广  
产品
短视频  
印度
印度  
关注
Py学习  »  问与答

小白有关post与csrf的问题

mitto_go • 9 年前 • 4520 次点击  

本人初接触django,在实现一个简单例程时,报错:

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    Your browser is accepting cookies.
    The view function uses RequestContext for the template, instead of Context.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

程序所要完成的任务为完成表单填写后确认返回helloworld,代码如下:

setting.py(部分)

MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
)

views.py

from django.shortcuts import render_to_response

from django.http import HttpResponse,Http404
from models import *
from form import *
from django.core.context_processors import csrf

def listt(request):
    if request.method=='POST':
        return HttpResponse('hello world')
    form= mybook()
    return render_to_response('2.html',{'form':form})

form.py

from django import forms

class mybook(forms.Form):
    name=forms.CharField()
    author=forms.CharField()
    date=forms.CharField()

2.html

<html>
<body>

    <h1>hahaha</h1>
    <method="post">{% csrf_token %}
    {{form.as_p}}
    <input type="submit" name="ok">
    </form>

</body>
</html>

参考 https://docs.djangoproject.com/en/dev/ref/csrf/#ref-contrib-csrf及 http://www.cnblogs.com/BeginMan/p/3460300.html 并未解决问题。

Python社区是高质量的Python/Django开发社区
本文地址:http://www.python88.com/topic/1239
Reply
 
4520 次点击  
文章 [ 4 ]  |  最新文章 9 年前
mitto_go
Reply   •   1 楼
mitto_go    9 年前

@MCC 正解!多谢帮忙。
mitto_go
Reply   •   2 楼
mitto_go    9 年前

@shen_gan 上传时出错了,应为

<form method="post">{% csrf_token %}
shen_gan
Reply   •   3 楼
shen_gan    9 年前

看你的模板文件,好像有点问题:没有 <form> 起始标签?
MCC
Reply   •   4 楼
MCC    9 年前 
#blabla
from django.shortcuts import render_to_response, RequestContext

def listt(request):
    if request.method=='POST':
        return HttpResponse('hello world')
    form= mybook()
    return render_to_response('2.html',{'form':form},context_instance=RequestContext(request),)
登录后回复
关于   移动版
Py学习 - 专注于Python技术发展的社区(原Django社区)
沪ICP备11025650号