Forbidden (403) CSRF verification failed. Request aborted

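I am trying to post my data from a form to a URL named insert_data. The data posted by the form should be inserted into the database. After filling in the form, when I click the submit button it gives an error. I have included {% csrf_token %} in the form. I have looked at many solutions for this error, and none of them helped.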

Forbidden (403)
CSRF verification failed. Request aborted.

urls.py:

from django.conf.urls import url
from . import views

urlpatterns = [
    url(r'^$', views.index, name='index'),
    url(r'^chain$', views.chain, name='chain'),
    url(r'^add$', views.add, name='add'),
    url(r'^insert_order$', views.insert_order, name='insert_order'),
]

views.py

from django.shortcuts import render, render_to_response
from .models import Customers
from django.db import connection

def add(request):
    cursor = connection.cursor()
    cursor.execute('''select polls_products.modelNumber, polls_products.description, polls_products.cost from polls_products;''')
    results = cursor.fetchall()
    x = cursor.description
    # Turn each row into a dict keyed by column name
    resultsList = []
    for r in results:
        i = 0
        d = {}
        while i < len(x):
            d[x[i][0]] = r[i]
            i = i+1
        resultsList.append(d)

    cursor1 = connection.cursor()
    cursor1.execute('''select polls_employees.first_name, polls_employees.last_name from polls_employees;''')
    results1 = cursor1.fetchall()
    x = cursor1.description
    # Same row-to-dict conversion for the employees query
    resultsList1 = []
    for r in results1:
        i = 0
        d = {}
        while i < len(x):
            d[x[i][0]] = r[i]
            i = i+1
        resultsList1.append(d)
    return render_to_response('polls/add.html', {"results1":resultsList1, "results":resultsList})

def insert_order(request):
    print("came")
    if request.method == "POST":
        print(request.POST['product'])
        print(request.POST['emp'])

    return render(request, 'polls/index.html', {})

add.html

<h1>Add Orders</h1>

<form action="{% url 'insert_order' %}" method="POST">
    {% csrf_token %}
Product: <select name="product">
<option disabled="disabled" selected="selected">select product</option>
    {% for r in results %}

            <option value="{{r.key}}" >{{r.modelNumber}} {{r.description}} {{r.cost}}</option>

    {% endfor %}
</select>
<br/><br/>
Employee: <select name="emp">
<option disabled="disabled" selected="selected">select Employee</option>
{% for r in results1 %}
     <option value="{{r.key}}" >{{r.first_name}} {{r.last_name}} </option>
{% endfor %}
</select>
<br/><br/>
<h3>Customer Details</h3>
First Name: <input type="text" id="fname" name="fname">
<br/><br/>
last Name: <input type="text" id="fname" name="fname">
<br/><br/>
City: <input type="text" id="fname" name="fname">
<br/><br/>
State: <input type="text" id="fname" name="fname">
<br/><br/>
Phone No: <input type="text" id="fname" name="fname">
<br/><br/>
<input type="submit" value="Save Order">
</form>

Please help. I am really stuck.

Every time you use render_to_response, you must use RequestContext(request):

return render_to_response("login.html", {"registration_id":registration_id}, context_instance=RequestContext(request))

You must import authenticate and login:

from django.contrib.auth import authenticate, login

In settings, update:

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
MIDDLEWARE_CLASSES = [
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

Please refer to https://docs.djangoproject.com/ja/1.9/ref/csrf/

If you are not using user authentication in your application, try using the Django decorator @csrf_exempt

For example:

from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def add(request):
    ...

@csrf_exempt
def insert_order(request):
    ...
