为什么我在Django中收到403错误“缺少CSRF令牌”?
[英]Why am I getting a 403 error “CSRF token missing” with Django?
问题描述
I'm using REST Easy in Firefox to make a POST request to a simple form in Django, but it's giving me a 403 error “2295 CSRF token missing or incorrect”. 
我在Firefox中使用REST Easy向Django中的简单表单发出POST请求,但这给了我403错误“ 2295 CSRF令牌丢失或不正确”。
This is my views.py (since I'm using the net behind a proxy): 这是我的views.py (因为我正在使用代理后面的网络):
from django.shortcuts import render
import urllib2
def home(request):
if request.method == 'POST':
post = request.POST
if 'passkey' in post:
if post['passkey'] == '123':
proxy = urllib2.ProxyHandler({'http': 'http://070.13095070:pujakumari123@10.1.1.19:80'})
auth = urllib2.HTTPBasicAuthHandler()
opener = urllib2.build_opener(proxy, auth, urllib2.HTTPHandler)
urllib2.install_opener(opener)
j = urllib2.urlopen(post['url'])
j_obj = json.load(j)
return HttpResponse(j_obj)
else:
return render(request, 'packyourbag/home_page.html')
and my template file: 和我的模板文件:
<html>
<body>
<form id="form" method="post">
{% csrf_token %}
url:<input type="text" name="url"/>
Pass Key:<input type="text" name="passkey"/>
<button type="submit" name="url_post">
Post
</button>
</form>
</body>
</html>
I'm passing a URL and passkey, and I don't know how to pass a CSRF token (I don't even know if I have to pass this or not). 我正在传递URL和密钥,而且我不知道如何传递CSRF令牌(我什至不知道是否必须传递此密码)。
2 个解决方案
解决方案1
0 2015-02-18 22:00:00
It is because you aren't passing the CSRF Token through with rest-easy . 这是因为您没有通过rest-easy传递CSRF令牌。 You can either do as @Selcuk suggested and wrap your view function with @csrf_exempt while testing, or you can find the CSRF Token and POST that with rest-easy 你可以做的@Selcuk建议和包装你的视图功能@csrf_exempt测试时,或者你可以找到CSRF令牌和POST与rest-easy
解决方案2
0 已采纳 2015-02-19 08:32:19
You can disable the CSRF token requirement by putting @csrf_exempt before your view: 您可以通过在@csrf_exempt之前放置@csrf_exempt来禁用CSRF令牌要求:
First import the decorator at the top of your views.py: 首先在您的views.py顶部导入装饰器:
from django.views.decorators.csrf import csrf_exempt
Then decorate your view like: 然后像这样装饰您的视图:
@csrf_exempt
def home(request):
Warning: This will make your view vulnerable to cross site request forgery attacks. 警告:这会使您的视图容易受到跨站点请求伪造攻击的攻击。 See https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/ for details. 有关详细信息,请参见https://docs.djangoproject.com/en/1.7/ref/contrib/csrf/ 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.