Python Django 给我 Forbidden (403) CSRF 验证失败。 请求中止
[英]Python Django giving me Forbidden (403) CSRF verification failed. Request aborted
问题描述
Django Version = 2.2.2 This problem appears to happen on using Google Chrome. 
Django Version = 2.2.2 这个问题似乎发生在使用谷歌浏览器上。
I have added {% csrf_token %} inside all my form tags like this:我在所有表单标签中添加了 {% csrf_token %},如下所示:
{% extends 'base.html' %}
{% block content %}
<form method="post">
{% csrf_token %} #-------------> here it is
{% for field in login_form %}
<p>
{{field.label_tag}}
{{field}}
{% if field.help_text %}
{field.help_text}}
{% endif %}
</p>
{% endfor %}
{% for field in login_form %}
{% for error in field.errors %}
<p>{{error}}</p>
{% endfor %}
{% endfor %}
{% if login_form.non_field_errors %}
<p>{{login_form.non_field_errors}}</p>
{% endif %}
<input type="submit" value="Login">
</form>
{% endblock content %}
But when I actually try to login using that form and click the submit button, it should then redirect me to the home page.但是当我实际尝试使用该表单登录并单击提交按钮时,它应该将我重定向到主页。 However, instead it is giving me the below error message:但是,它给了我以下错误消息:
*Forbidden (403) CSRF verification failed. *禁止 (403) CSRF 验证失败。 Request aborted.请求中止。 Help Reason given for failure: CSRF token missing or incorrect.帮助 失败原因:CSRF 令牌丢失或不正确。
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly.一般来说,当存在真正的跨站请求伪造,或者没有正确使用 Django 的 CSRF 机制时,就会出现这种情况。 For POST forms, you need to ensure: Your browser is accepting cookies.对于 POST 表单,您需要确保: 您的浏览器正在接受 cookie。 The view function passes a request to the template's render method.视图函数将请求传递给模板的渲染方法。 In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.在模板中,每个 POST 表单中都有一个 {% csrf_token %} 模板标记,其目标是内部 URL。 If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.如果您没有使用 CsrfViewMiddleware,那么您必须在任何使用 csrf_token 模板标记的视图以及接受 POST 数据的视图上使用 csrf_protect。 The form has a valid CSRF token.该表单具有有效的 CSRF 令牌。 After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.登录另一个浏览器选项卡或登录后点击后退按钮后,您可能需要使用表单重新加载页面,因为登录后令牌会旋转。 You're seeing the help section of this page because you have DEBUG = True in your Django settings file.您看到此页面的帮助部分是因为您的 Django 设置文件中有 DEBUG = True。 Change that to False, and only the initial error message will be displayed.将其更改为 False,将仅显示初始错误消息。 You can customize this page using the CSRF_FAILURE_VIEW setting.*您可以使用 CSRF_FAILURE_VIEW 设置自定义此页面。*
1 个解决方案
解决方案1
1 2020-11-22 15:42:47
This is the error you are facing: https://docs.djangoproject.com/en/3.1/ref/csrf/#rejected-requests这是您面临的错误: https : //docs.djangoproject.com/en/3.1/ref/csrf/#rejected-requests
You could use the @csrf_exempt decorator to prevent the csrf errors and with it you could remove the {% csrf_token %} altogether.您可以使用@csrf_exempt装饰器来防止 csrf 错误,并且可以使用它完全删除{% csrf_token %} 。 Check this: https://docs.djangoproject.com/en/3.0/ref/csrf/#django.views.decorators.csrf.csrf_exempt检查这个: https : //docs.djangoproject.com/en/3.0/ref/csrf/#django.views.decorators.csrf.csrf_exempt
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.