Django CSRF验证失败. 请求被中断.
当页面中form使用POST方式向后台提交时,报如下错误:
禁止访问 (403)
CSRF验证失败. 请求被中断.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
- Your browser is accepting cookies.
- The view function passes a
requestto the template'srendermethod.- In the template, there is a
{% csrf_token %}template tag inside each POST form that targets an internal URL.- If you are not using
CsrfViewMiddleware, then you must usecsrf_protecton any views that use thecsrf_tokentemplate tag, as well as those that accept the POST data.- The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You're seeing the help section of this page because you haveDEBUG = Truein your Django settings file. Change that toFalse, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
在网上查找了很多资料,普遍采用的解决方法是:
检查
settings.py中是否有下面的配置,如没有加上:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', # 确认存在
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)html中的form添加模板标签{% csrf_token %}
<form action="/saveBlog/" method="post">
{% csrf_token %}
...
</form>针对views.py进行修改
from django.shortcuts import render_to_response
from django.template import RequestContext
def some_blog(request):
# ...
return render_to_response('my_template.html',
my_data_dictionary,
context_instance=RequestContext(request))
以上各步都基本照做了。其中针对视图的修改,因我的写法与网上不一样,我的是:
def edit_blog(request):
template = get_template('editBlog.html')
moods = Mood.objects.all()
html = template.render(locals())
``
return HttpResponse(html)
因为官方文档上说render是render_to_response的shortcut,所以没有照网站资料上说的去改。于是错误总是无法解决。
几番挣扎之后,终于在Django出错页面中自己给出的解决办法中有一条:The view function passes a request to the template's rendermethod.(即:视图函数中传递 request 给模板的render方法)。
按这个访求修改后,终于解决问题了!!
def edit_blog(request):
template = get_template('editBlog.html')
moods = Mood.objects.all()
html = template.render(locals(), request) # 把request传递给template.render()
``
return HttpResponse(html)
最新文章
- 【webGL】插件的使用的,实现一个鼠标动画的盒子
- C++ 画星号图形——空心正方形(核心代码)
- 腾讯优测干货精选|Android双卡双待适配——隐藏在数据库中的那些秘密
- 提示用户升级IE6浏览器的办法
- android开发软件
- Go 语言做的几个验证码
- redo文件三
- Asp.Net 之 通过调用 WScript.Shell 启动本地 exe 程序时产生“ automation服务器不能创建对象 ”的错误
- 总结&记录
- Android开源库集锦
- windows phone:使用sqlite-net
- MaidSafe.net,一个完全去中心的化的云存储系统
- JS定时器的使用--延时提示框
- JVM运行和类加载过程
- HTML Entity 字符实体
- 利用overflow实现导航栏中常 出现的倒三角下拉小图标
- Docker 简述
- Cetos 7 防火墙设置
- Android打开doc、xlsx、ppt等office文档解决方案
- word2vec生成词向量和字向量