Django CSRF验证失败. 请求被中断


禁止访问 (403)
CSRF验证失败. 请求被中断.
Reason given for failure:
​ CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function passes a request to the template's render method.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
  • The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
    You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
    You can customize this page using the CSRF_FAILURE_VIEW setting.


  1. 检查settings.py中是否有下面的配置,如没有加上:
    'django.middleware.csrf.CsrfViewMiddleware', # 确认存在

  2. html中的form添加模板标签{% csrf_token %}
    <form action="/saveBlog/" method="post">
    {% csrf_token %}

  3. 针对views.py进行修改
    from django.shortcuts import render_to_response
    from django.template import RequestContext
    `def some_blog(request):` # ...
    return render_to_response('my_template.html',
    def edit_blog(request):
    template = get_template('editBlog.html')
    moods = Mood.objects.all()
    html = template.render(locals())
    ` return HttpResponse(html)因为官方文档上说renderrender_to_responseshortcut`,所以没有照网站资料上说的去改。于是错误总是无法解决。

几番挣扎之后,终于在Django出错页面中自己给出的解决办法中有一条: The view function passes arequest to the template's rendermethod.(即:视图函数中传递 request 给模板的render方法)。

def edit_blog(request):
template = get_template('editBlog.html')
moods = Mood.objects.all()
html = template.render(locals(), request) # 把request传递给template.render()
` return HttpResponse(html)`

Django CSRF验证失败. 请求被中断介绍到这里,更多Python学习请参考编程字典Python教程 和问答部分,谢谢大家对编程字典的支持。