
Django throwing “CSRF token missing or incorrect” Error (because of empty value of csrfmiddlewaretoken)

I recently ran into a very strange problem. I have a form in my template as follows:

<form class="form" id="loginForm" role="form" action="/user/login/" 
  method="POST">
{% csrf_token %}
<div class="form-group">
    <input type="email" class="form-control" id="email" name="email"
     placeholder="Enter email" value="">
</div>
<div class="form-group">
    <input type="password" class="form-control" id="password"
     name="password" placeholder="Password" value="">
</div>
<div class="cl-effect-7">
    <button type="submit" class="btn btn-primary">SIGN IN</button>
</div>
</form>

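I was getting "CSRF token missing or incorrect". Digging deeper, I found that although the csrftoken cookie is set correctly in the browser, the POST request carries an empty value for csrfmiddlewaretoken, so it throws the error and gives that as the reason.
Also, here is my view (though I doubt there is anything wrong with it):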

def user_login(request):
    context = RequestContext(request)
    if request.method == 'POST':
        email = request.POST['email']
        password = request.POST['password']
        user = authenticate(username=email, password=password)
        if user:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect('/user/')
            else:
                return HttpResponse("Your account is disabled.")
        else:
            return HttpResponse("Invalid login details supplied.")
    else:
        return render_to_response('user/login.html', {},context_instance = context)

Here is the other view, which redirects to login.html:

def index(request):
    context_dict = {}
    template = "user/login.html" #default template to render
    user = None
    user_profile = None

    user = request.user.id
    if user != None:
        user_profile,created = UserProfile.objects.get_or_create(user=user)

    #Check whether the user is new,if yes then he needs to select btw Mentor-Mentee
    if user_profile and user_profile.is_new:
        context_dict['selected'] = None
        template = "user/select.html" #User has to select either Mentor/Mentee,so redirect to select.html


    return render_to_response(template,context_dict,context_instance = RequestContext(request))

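For now I am using a little JavaScript to work around this by manually setting the value of csrfmiddlewaretoken from the cookie, but this is strange behaviour from Django.
PS: I am using Django 1.7 and have tested this on all browsers.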

Try adding this to your form:

<div style="display:none">
    <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
</div>

Source: https://docs.djangoproject.com/en/dev/ref/csrf/#other-template-engines
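
The following is an added example, not part of the question or the answer above and not Django's own code: a simplified model of the double-submit comparison behind the error, showing why a valid csrftoken cookie does not help when csrfmiddlewaretoken arrives empty. The function name, sample token and credentials are constructed for illustration, and the token masking that newer Django versions apply is ignored.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Failure reasons, worded like the messages Django reports
REASON_NO_CSRF_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."


def check_csrf(cookie_header, post_body, headers=None):
    """Return None if the request passes the double-submit check, else a reason."""
    headers = headers or {}
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "csrftoken" not in cookie or not cookie["csrftoken"].value:
        return REASON_NO_CSRF_COOKIE
    cookie_token = cookie["csrftoken"].value

    # keep_blank_values=True so an empty field shows up as "" instead of vanishing
    form = parse_qs(post_body, keep_blank_values=True)
    submitted = form.get("csrfmiddlewaretoken", [""])[0]
    if not submitted:
        # Fallback used by AJAX clients: the token sent in a request header
        # (exact-case dictionary key is an assumption of this sketch)
        submitted = headers.get("X-CSRFToken", "")

    # Constant-time comparison; an empty submitted token can never match
    if not hmac.compare_digest(submitted.encode(), cookie_token.encode()):
        return REASON_BAD_TOKEN
    return None


# Constructed sample values (not taken from the question)
TOKEN = "k3Yx0Qm1ZpR7sT9uVbN2cD4eF6gH8jLa"
COOKIE = "sessionid=abc123; csrftoken=" + TOKEN
CREDS = "&email=a%40example.com&password=x"

if __name__ == "__main__":
    cases = {
        "cookie set, empty form field": (COOKIE, "csrfmiddlewaretoken=" + CREDS, None),
        "cookie set, matching field": (COOKIE, "csrfmiddlewaretoken=" + TOKEN + CREDS, None),
        "cookie set, header only": (COOKIE, CREDS.lstrip("&"), {"X-CSRFToken": TOKEN}),
        "no csrftoken cookie": ("sessionid=abc123", "csrfmiddlewaretoken=" + TOKEN + CREDS, None),
    }
    for name, (cookie_header, body, hdrs) in cases.items():
        print(f"{name}: {check_csrf(cookie_header, body, hdrs) or 'accepted'}")
```

To diagnose a real failure, compare the Cookie header and the form data of the failing POST in the browser's network panel in the same way: the cookie alone is never enough, the same value must also come back in the body or the header.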
