
CSRF in Django failure

Why do I get the following error even though {% csrf_token %} is present?

Forbidden (403) CSRF verification failed. Request aborted.

Here is the sample view that I have been using for a long time.

view.py

def editModel(self, request, offset):
    if 'user' in request.session:
        user = request.session['user']
        if request.method == 'POST':
            if 'editModel' in request.POST:
                offset = int(offset)
                fields = ProfilModel.objects.filter(name=user)
                workingModelsFiles = WorkingWithModelsFiles()
                listModel = workingModelsFiles.getCurrentModel(user, offset)
                modelView = self.listModels(user)[offset-1]
                loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
                params = {'id ': offset,
                          'userName' : request.session['user'],
                          'surname' : fields[0].surname,
                          'listModel': listModel,
                          'model': modelView,
                          'bodyLoadModels': loadModels
                          }
                params.update(csrf(request))
                return render_to_response('editModel.html', params)

        else:
            offset = int(offset)
            fields = ProfilModel.objects.filter(name=user)
            workingModelsFiles = WorkingWithModelsFiles()
            listModel = workingModelsFiles.getCurrentModel(user, offset)
            modelView = self.listModels(user)[offset-1]
            loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
            params = {'id ': offset,
                      'userName' : request.session['user'],
                      'surname' : fields[0].surname,
                      'listModel': listModel,
                      'model': modelView,
                      'bodyLoadModels': loadModels
                      }
            params.update(csrf(request))
            return render_to_response('editModel.html', params)
    else:
        return HttpResponseRedirect("/login/")

{% csrf_token %} is present in the template, and it still gives me the CSRF error.

template.html

......
<div class="tab_container">
            <div id="tab1" class="tab_content">
                <table class="tablesorter" cellspacing="0"> 
                <tbody> 
                <form action="{% url 'edit_model' listModel.0.id_model  %}"  method="post" >
                {% csrf_token %}
                    {% for item in listModel %} 
                        <tr>
                            <td rowspan="3" style="width: 300px;"> {{ model | safe }} </td>
                            <td> Name Model: <i><input class="text_field" type="text" id='id_Model' name="Model" value="{{ item.modelName }}" /> </i> </td>
                        </tr>

                        <tr>
                            <td>  Author:  <i> <input class="text_field" type="text" id='id_Author' name="Author" value="{{ item.author }}" /> </i> </td>
                        </tr>
                        <tr>
                            <td> <input type="submit" name="editModel" value="Edit" /> </td>
                        </tr>
                    {% endfor %}
                </form>
                </tbody> 
                </table>
            </div><!-- end of #tab1 -->
.......

settings.py

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

Have you tried using RequestContext instead of params.update(csrf(request))? Like:

params = {'id ': offset,
          'userName' : request.session['user'],
          'surname' : fields[0].surname,
          'listModel': listModel,
          'model': modelView,
          'bodyLoadModels': loadModels
          }
ctx = RequestContext(request, params)
return render_to_response('editModel.html', context_instance=ctx)
