[英]Django 403 Forbidden CSRF
最近我在我的 Django 應用程序中看到一個奇怪的錯誤。 當我嘗試登錄時,Chrome 卡在“正在處理請求”上。 再次單擊登錄按鈕后,它給了我 403 Forbidden CSRF 驗證失敗錯誤。 但是,當我單擊“后退”按鈕並使用相同的用戶憑據再次按登錄時,它成功登錄。 我不知道為什么會這樣。 我有兩個 Django 應用程序,它們分別是“home”和“main”,在正確的憑據之后,它應該將用戶帶到“home”應用程序的視圖。
我的主/user_login.html
<form method="POST" action="{%url 'main:user_login' %}" class="form-signin">
{% csrf_token %}
<div class="form-label-group">
<input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
<br/>
</div>
<div class="form-label-group">
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
</div>
<div class="custom-control custom-checkbox mb-3">
<input type="checkbox" class="custom-control-input" id="customCheck1">
<label class="custom-control-label" for="customCheck1">Remember password</label>
</div>
<input type="submit" class="form-control" name="" value="Login">
<hr class="my-4">
<p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
{% if message %}<p style="color: red;">{{ message }}</p>{% endif %}
<a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
</form>
我的主要/views.py:
def user_login(request):
if request.method == 'POST':
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request,user)
messages.info(request, "Successfully signed in")
return redirect(reverse('home:home'))
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
form=AuthenticationForm()
return render(request, 'home/user_login.html', {"form":form})
我的家/views.py:
@要求登錄
def home(request):
context = {
'posts': Post.objects.all()
}
return render(request, 'home/home.html', context)
我不明白是什么導致了這個問題,正如我之前提到的,在返回並再次單擊登錄后,用戶可以成功登錄。
提前致謝!
編輯:我已經意識到導致錯誤的原因是拋出錯誤消息的 else 語句。 我現在改變了我的觀點,它不會給我一個錯誤,但我必須點擊登錄按鈕兩次,否則它會再次卡住。 我現在的看法是:
def user_login(request):
if request.method == 'POST':
username = request.POST.get('username', '')
password = request.POST.get('password', '')
user = authenticate(request, username=username, password=password)
if user is not None:
return redirect('home:home')
else:
messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
return HttpResponseRedirect('/')
else:
form=AuthenticationForm()
return render(request, 'main/user_login.html', {"form":form})
我的 user_login.html 現在是:
<form method="POST" action="{% url 'main:user_login' %}" class="form-signin">
{% csrf_token %}
<div class="form-label-group">
<input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
<br/>
</div>
<div class="form-label-group">
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
</div>
<div class="custom-control custom-checkbox mb-3">
<input type="checkbox" class="custom-control-input" id="customCheck1">
<label class="custom-control-label" for="customCheck1">Remember password</label>
</div>
<input type="submit" class="form-control" name="" value="Login">
<hr class="my-4">
<p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
{% for message in messages %}
<p style="color: red;">{{ message }}</p>
{% endfor %}
<a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
</form>
這導致了這個問題:
else:
messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
return HttpResponseRedirect('/')
試試這個:
@login_required
def home(request):
post = Post.objects.all()
context = {'post':post}
return render(request, 'home/home.html', context)
我認為問題可能出在 else 塊中。
試試這個:
def user_login(request):
if request.method == 'POST':
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request,user)
messages.info(request, "Successfully signed in")
return redirect(reverse('home:home'))
else:
message = 'Sorry, the username or password you entered is not valid please try again.'
return render(request, 'home/user_login.html', {'message':message})
else:
form=AuthenticationForm()
return render(request, 'home/user_login.html', {"form":form})
Django 的 內置標簽需要空格
在您的表單中修復此問題: action="{% url 'main:user_login' %}"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.