如何解决“禁止(403)CSRF验证失败。 请求中止。” Django中的错误
[英]How to fix “Forbidden (403) CSRF verification failed. Request aborted.” error in django
问题描述
I'm getting this common error as in the title. 
我在标题中遇到了这个常见错误。 I'm doing a project in Django in a virtual environment folder. 我正在Django的虚拟环境文件夹中做一个项目。
setting.py: setting.py:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
index.html: index.html的:
{% load static %}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Instapic</title>
<link rel="stylesheet" href="{% static 'assets/bootstrap/css/bootstrap.min.css' %}">
<link rel="stylesheet" href="{% static 'assets/css/Login-Form-Clean.css' %}">
<link rel="stylesheet" href="{% static 'assets/css/styles.css' %}">
</head>
<body>
<div class="login-clean">
<form method="post">
{% csrf_token %}
<h2 class="sr-only">Login Form</h2>
<div class="illustration">
<div style="display: none" id="errors" class="well form-error-message"></div>
<img src="{% static 'assets/img/logo.jpg' %}">
</div>
<div class="form-group">
<input class="form-control" id="username" type="text" name="username" required="" placeholder="Username" maxlength="20" minlength="4">
</div>
<div class="form-group">
<input class="form-control" id="email" type="email" name="email" required="" placeholder="Email" maxlength="100" minlength="6">
</div>
<div class="form-group">
<input class="form-control" id="password" type="password" name="password" required="" placeholder="Password" maxlength="20" minlength="6">
</div>
<div class="form-group">
<button class="btn btn-primary btn-block" id="go" type="submit">Create Account</button>
</div><a href="#" class="forgot">Already got an account? Login here ...</a></form>
</div>
<script src="{% static 'assets/js/jquery.min.js' %}"></script>
<script src="{% static 'assets/bootstrap/js/bootstrap.min.js' %}"></script>
<script src={% static "assets/js/django-ajax.js" %}></script>
<script type="text/javascript">
$(document).ready(function() {
$('#go').click(function() {
$.post("ajax-sign-up",
{
username: $("#username").val(),
email: $("#email").val(),
password: $("#password").val()
},
function(data, status){
if (JSON.parse(data).Status == 'Success') {
window.location = '/';
} else {
$('#errors').html("<span>" + JSON.parse(data).Message + "</span>")
$('#errors').css('display', 'block')
}
});
return false;
})
})
</script>
</body>
</html>
I added {% csrf_token %} in my html file trying fix this - didn't work. 我在HTML文件中添加了{% csrf_token %} ,试图解决此问题-无法正常工作。 I've found online this tag example: 我在网上找到了这个标签示例:
<input type="hidden" id="csrf_token" value='{"csrfmiddlewaretoken": "{{ csrf_token }}"}'> . <input type="hidden" id="csrf_token" value='{"csrfmiddlewaretoken": "{{ csrf_token }}"}'> 。
Unfortunately I don't know how to use it in order to fix my error. 不幸的是,我不知道如何使用它来修复我的错误。 Thanks for help 感谢帮助
2 个解决方案
解决方案1
2 2019-08-29 13:53:10
I guess, instead of post a form you are posting values. 我想,不是在发布表单,而是在发布值。 You need to add csrfmiddlewaretoken key while execute $.post() statement. 执行$ .post()语句时,需要添加csrfmiddlewaretoken密钥。
This is not Tested but it may be fix your problem 这未经测试,但可能可以解决您的问题
csrfmiddlewaretoken: document.getElementsByName('csrfmiddlewaretoken')[0].value
or 要么
csrfmiddlewaretoken: $('[name=csrfmiddlewaretoken]').val()
add this line in HTML file by updating 通过更新在HTML文件中添加此行
$.post("ajax-sign-up",
{
username: $("#username").val(),
email: $("#email").val(),
password: $("#password"),
csrfmiddlewaretoken: $('[name=csrfmiddlewaretoken]').val()
},
updated code is : 更新的代码是:
{% load static %}
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Instapic</title>
<link rel="stylesheet" href="{% static 'assets/bootstrap/css/bootstrap.min.css' %}">
<link rel="stylesheet" href="{% static 'assets/css/Login-Form-Clean.css' %}">
<link rel="stylesheet" href="{% static 'assets/css/styles.css' %}">
</head>
<body>
<div class="login-clean">
<form method="post">
{% csrf_token %}
<h2 class="sr-only">Login Form</h2>
<div class="illustration">
<div style="display: none" id="errors" class="well form-error-message"></div>
<img src="{% static 'assets/img/logo.jpg' %}">
</div>
<div class="form-group">
<input class="form-control" id="username" type="text" name="username" required="" placeholder="Username" maxlength="20" minlength="4">
</div>
<div class="form-group">
<input class="form-control" id="email" type="email" name="email" required="" placeholder="Email" maxlength="100" minlength="6">
</div>
<div class="form-group">
<input class="form-control" id="password" type="password" name="password" required="" placeholder="Password" maxlength="20" minlength="6">
</div>
<div class="form-group">
<button class="btn btn-primary btn-block" id="go" type="submit">Create Account</button>
</div><a href="#" class="forgot">Already got an account? Login here ...</a></form>
</div>
<script src="{% static 'assets/js/jquery.min.js' %}"></script>
<script src="{% static 'assets/bootstrap/js/bootstrap.min.js' %}"></script>
<script src={% static "assets/js/django-ajax.js" %}></script>
<script type="text/javascript">
$(document).ready(function() {
$('#go').click(function() {
$.post("ajax-sign-up",
{
username: $("#username").val(),
email: $("#email").val(),
password: $("#password").val(),
csrfmiddlewaretoken: $('[name=csrfmiddlewaretoken]').val()
},
function(data, status){
if (JSON.parse(data).Status == 'Success') {
window.location = '/';
} else {
$('#errors').html("<span>" + JSON.parse(data).Message + "</span>")
$('#errors').css('display', 'block')
}
});
return false;
})
})
</script>
</body>
</html>
解决方案2
1 2019-08-29 14:01:59
如果您只是发布具有id signup-form的HTML表单的内容(将其添加到<form> ),并且您的表单具有{% csrf_token %} ,则可以使用以下命令在ajax中进行操作:
$.post("ajax-sign-up", $("#signup-form").serialize(), function(data, status){...})
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
禁止(403)CSRF验证失败。 请求中止。 Django的 - Forbidden (403) CSRF verification failed. Request aborted. Django
Django:“禁止 (403) CSRF 验证失败。请求中止。” 在 Docker 生产中 - Django: "Forbidden (403) CSRF verification failed. Request aborted." in Docker Production
禁止(403)CSRF验证失败。 请求中止。 即使使用{%csrf_token%} - Forbidden (403) CSRF verification failed. Request aborted. Even using the {% csrf_token %}
禁止(403)CSRF验证失败。 请求使用django中止 - Forbidden (403) CSRF verification failed. Request aborted using django
禁止(403)CSRF验证失败。 请求中止。在Django中 - Forbidden (403) CSRF verification failed. Request aborted.in Django
禁止(403)CSRF验证失败。 请求在Django 1.8.5中中止2 - Forbidden (403) CSRF verification failed. Request aborted 2 in django 1.8.5
禁止(403)CSRF验证失败。 请求在Django 1.11上中止 - Forbidden (403) CSRF verification failed. Request aborted on Django 1.11
403禁止,CSRF验证失败。 请求中止。 python请求 - 403 forbidden and CSRF verification failed. Request aborted. python requests
Forbidden (403) CSRF 验证失败。 请求中止。 登录页面不工作 - Forbidden (403) CSRF verification failed. Request aborted. login page not working
CSRF验证失败。 请求中止。 的Django 1.7 - CSRF verification failed. Request aborted. Django 1.7
相关标签