Django --CSRF 令牌丢失或不正确
[英]Django --CSRF token missing or incorrect
问题描述
So I am getting Forbidden (403) CSRF verification failed.
所以我收到 Forbidden (403) CSRF 验证失败。 Request aborted.请求中止。 Reason given for failure: CSRF token missing or incorrect.失败原因:CSRF 令牌丢失或不正确。
I have the 'django.middleware.csrf.CsrfViewMiddleware', in my middleware_classes.我的中间件类中有“django.middleware.csrf.CsrfViewMiddleware”。 Here is my template这是我的模板
<form name="input" action="/login/" method="Post"> {% csrf_token %}
<input type="submit" value="Submit"></form>
Here is my view这是我的观点
from django.shortcuts import render_to_response
from django.core.context_processors import csrf
from django.template import RequestContext
def login(request):
csrfContext = RequestContext(request)
return render_to_response('foo.html', csrfContext)
Well I am new to Django and most web development, but I cannot seem to find the problem here.好吧,我是 Django 和大多数 Web 开发的新手,但我似乎无法在这里找到问题。 Any help would be much appreciated!任何帮助将非常感激!
Also i have tried the method in the django documentation我也尝试过 django 文档中的方法
c = {}
c.update(csrf(request))
# ... view code here
return render_to_response("a_template.html", c)
6 个解决方案
解决方案1
12 2013-03-26 14:25:58
I had the same problem with you and i found this code that solve my problem.我和你有同样的问题,我发现这段代码可以解决我的问题。
from django.views.decorators.csrf import csrf_exempt
from django.shortcuts import render
from django.contrib import auth
#in accounts.forms i've placed my login form with two fields, username and password
from accounts.forms import LoginForm
@csrf_exempt
def login(request):
if request.method == "POST":
form = LoginForm(request.POST)
if form.is_valid():
user = auth.authenticate(
username=form.cleaned_data["username"],
password=form.cleaned_data["password"])
auth.login(request, user)
return HttpResponseRedirect("/")
else:
form = LoginForm()
return render(request, 'accounts/login.html', {'form':form})
解决方案2
6 已采纳 2012-10-04 16:12:54
Try adding the @csrf_protect decorator just before your login function.尝试在登录功能之前添加 @csrf_protect 装饰器。
from django.views.decorators.csrf import csrf_protect
@csrf_protect
def login(request):
csrfContext = RequestContext(request)
return render_to_response('foo.html', csrfContext)
If the form is not in foo.html then you need to add the @csrf_protect method to the view function that is generating it.如果表单不在 foo.html 中,那么您需要将 @csrf_protect 方法添加到生成它的视图函数中。
解决方案3
0 2012-10-04 16:08:25
You should do the following:您应该执行以下操作:
def login(request):
context = {}
request_context = RequestContext(request)
return render_to_response('foo.html', context,
request_context=request_context)
Here are official docs for render_to_response .这是render_to_response 官方文档。
解决方案4
0 2020-06-21 07:37:05
go urls and add the .as_view() next to the view metho/class ex.转到 urls 并在视图方法/类 ex 旁边添加 .as_view() 。
ObtainAuthTokenView.as_view()获取AuthTokenView.as_view()
解决方案5
0 2020-12-27 10:56:50
While disabling the CSRF tokens and manually getting the CSRF token value would still have worked.虽然禁用CSRF令牌并手动获取CSRF令牌值仍然有效。 But, in my case the syntax was not properly structured as in html we don't worry about our script design but I think when using jinja ie Our templating language it matter's and yes that's how I solved my problem.但是,在我的情况下,语法没有像 html 那样结构正确,我们不担心我们的脚本设计,但我认为在使用jinja即我们的模板语言很重要,是的,这就是我解决问题的方式。
解决方案6
-1 2019-12-09 20:47:55
只需将其添加到您的 HTML 中:
{% csrf_token %}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.