stackoom
  简体   繁体   中英

Forbidden (403) CSRF verification failed. Request aborted.in Django

 原文  2017-12-24 17:17:30       python/ django/ django-forms/ django-csrf

Question

Why does Django show this error: 'Forbidden (403)CSRF verification failed. Request aborted.' when I already have {% csrf_token %} in the form.

templates/core/signup.html 

{% block content %}
    <form method="post">
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">Sign up</button>
    </form>
{% endblock %}

views.py 

from django.contrib.auth.forms import UserCreationForm 
from django.views.generic.edit import CreateView 

class SignUpView(CreateView): 
    template_name = 'core/signup.html' 
    form_class = UserCreationForm

2 answers

solution1
 0  2017-12-25 16:55:11

Since you are already passing on the csrf token from django.core.context_processors.csrf to the context manager. Check whether the form HTML has something like this or not:

<input type='hidden' name='csrfmiddlewaretoken' value="jqhdwjavwjagjzbefjwdjqlkkop2j3ofje" />

A couple of other things are required to make the csrf protection work (check out the docs ):

  • Your browser has to accept cookies from your server

  • Make sure you have 'django.middleware.csrf.CsrfViewMiddleware' included as middleware in your settings.py (alternatively use the decorator csrf_protect() on particular views you want to protect)

solution2
 -1  2017-12-24 18:09:08

In your views.py you need to pass the RequestContext in your render_to_response for the context processors to actually be run. 

from django.template import RequestContext

 context = {}
 return render_to_response('my_template.html',
                           context,
                           context_instance=RequestContext(request))

the new render shortcut (django 1.3+) will do it for you: 

from django.shortcuts import render

 context = {}
 return render(request, 'my_template.html', context)

For class-based view : 

class MyFormView(View):
     form_class = MyForm
     initial = {'key': 'value'}
     template_name = 'form_template.html'

     def post(self, request, *args, **kwargs):
         form = self.form_class(request.POST)
         if form.is_valid():
             # <process form cleaned data>
             return HttpResponseRedirect('/success/')

         return render(request, self.template_name, {'form': form})

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Forbidden (403) CSRF verification failed. Request aborted using django Forbidden (403) CSRF verification failed. Request aborted 2 in django 1.8.5 Forbidden (403) CSRF verification failed. Request aborted on Django 1.11 Forbidden (403) CSRF verification failed. Request aborted. Django Forbidden (403) CSRF verification failed. Request aborted Forbidden (403) CSRF verification failed. Request aborted Python Django giving me Forbidden (403) CSRF verification failed. Request aborted Django admin login returns Forbidden 403 CSRF verification failed. Request aborted Django: "Forbidden (403) CSRF verification failed. Request aborted." in Docker Production Django-registration Forbidden (403) CSRF verification failed. Request aborted
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM