[英]Django 403 Forbidden CSRF
最近我在我的 Django 应用程序中看到一个奇怪的错误。 当我尝试登录时,Chrome 卡在“正在处理请求”上。 再次单击登录按钮后,它给了我 403 Forbidden CSRF 验证失败错误。 但是,当我单击“后退”按钮并使用相同的用户凭据再次按登录时,它成功登录。 我不知道为什么会这样。 我有两个 Django 应用程序,它们分别是“home”和“main”,在正确的凭据之后,它应该将用户带到“home”应用程序的视图。
我的主/user_login.html
<form method="POST" action="{%url 'main:user_login' %}" class="form-signin">
{% csrf_token %}
<div class="form-label-group">
<input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
<br/>
</div>
<div class="form-label-group">
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
</div>
<div class="custom-control custom-checkbox mb-3">
<input type="checkbox" class="custom-control-input" id="customCheck1">
<label class="custom-control-label" for="customCheck1">Remember password</label>
</div>
<input type="submit" class="form-control" name="" value="Login">
<hr class="my-4">
<p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
{% if message %}<p style="color: red;">{{ message }}</p>{% endif %}
<a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
</form>
我的主要/views.py:
def user_login(request):
if request.method == 'POST':
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request,user)
messages.info(request, "Successfully signed in")
return redirect(reverse('home:home'))
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
form=AuthenticationForm()
return render(request, 'home/user_login.html', {"form":form})
我的家/views.py:
@要求登录
def home(request):
context = {
'posts': Post.objects.all()
}
return render(request, 'home/home.html', context)
我不明白是什么导致了这个问题,正如我之前提到的,在返回并再次单击登录后,用户可以成功登录。
提前致谢!
编辑:我已经意识到导致错误的原因是抛出错误消息的 else 语句。 我现在改变了我的观点,它不会给我一个错误,但我必须点击登录按钮两次,否则它会再次卡住。 我现在的看法是:
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = authenticate(request, username=username, password=password)
if user is not None:
return redirect('home:home')
else:
messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
return HttpResponseRedirect('/')
else:
form=AuthenticationForm()
return render(request, 'main/user_login.html', {"form":form})
我的 user_login.html 现在是:
<form method="POST" action="{% url 'main:user_login' %}" class="form-signin">
{% csrf_token %}
<div class="form-label-group">
<input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
<br/>
</div>
<div class="form-label-group">
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
</div>
<div class="custom-control custom-checkbox mb-3">
<input type="checkbox" class="custom-control-input" id="customCheck1">
<label class="custom-control-label" for="customCheck1">Remember password</label>
</div>
<input type="submit" class="form-control" name="" value="Login">
<hr class="my-4">
<p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
{% for message in messages %}
<p style="color: red;">{{ message }}</p>
{% endfor %}
<a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
</form>
这导致了这个问题:
else:
messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
return HttpResponseRedirect('/')
试试这个:
@login_required
def home(request):
post = Post.objects.all()
context = {'post':post}
return render(request, 'home/home.html', context)
我认为问题可能出在 else 块中。
试试这个:
def user_login(request):
if request.method == 'POST':
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request,user)
messages.info(request, "Successfully signed in")
return redirect(reverse('home:home'))
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
form=AuthenticationForm()
return render(request, 'home/user_login.html', {"form":form})
Django 的 内置标签需要空格
在您的表单中修复此问题: action="{% url 'main:user_login' %}"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.