[英]Django form submission & CSRF (403 Forbidden)
提供有效數據並提交表單后,我得到以下信息: Forbidden (CSRF cookie not set.): /membership/success/
。 我的模板中有一個{% csrf_token %}
,並且我的settings.py中間件已配置為CSRF。
#urls.py
from django.contrib import admin
from django.urls import path, include
from membership import views as ms_views
membership_patterns = ([
path("", ms_views.RegistrationPage.as_view(), name="register"),
path("success/", ms_views.SuccessPage.as_view(), name="success")
], 'membership')
urlpatterns = [
path('admin/', admin.site.urls),
path('membership/', include(membership_patterns, namespace="new_members"))
]
# membership/views.py
from django.shortcuts import render
from django.template.loader import get_template
from django.views import View
from django.http import HttpResponse, HttpResponseRedirect
from membership.forms import RegisterForm
from django.urls import reverse
# Create your views here.
class RegistrationPage(View):
def get(self, request):
register_page = get_template('membership/signup.html')
register_form = RegisterForm()
return HttpResponse(register_page.render({'form' : register_form}))
def post(self, request):
submitted_form = RegisterForm(request.POST)
if submitted_form.is_valid():
return HttpResponseRedirect(reverse('membership:success'))
return HttpResponse(reverse('membership:register'))
class SuccessPage(View):
def get(self, request):
return HttpResponse("Success")
# signup.html
{% extends 'index.html' %}
{% block content %}
<form action="{% url 'membership:success' %}" method='post'>
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Submit</button>
</form>
{% endblock %}
表單提交並有效后,我希望會出現302。 就像我說的,盡管我被禁止了403。
由於成功頁面沒有邏輯,因此您可以選擇免除CSRF令牌。 導入以下模塊
from django.views.decorators.csrf import csrf_exempt
並將@csrf_exempt放在函數開頭
@csrf_exempt
def get(self, request):
return HttpResponse("Success")
請參閱https://docs.djangoproject.com/en/2.2/ref/csrf/
但是,最好為您使用的每個模板包括{%csrf_token%},以確保CSRF令牌的一致性傳遞
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.