当页面中form使用POST方式向后台提交时,报如下错误:
禁止访问 (403) CSRF验证失败. 请求被中断. Help Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: Your browser is accepting cookies. The view function passes a request to the template's render method. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting.
禁止访问 (403) CSRF验证失败. 请求被中断. Help Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
request
render
{% csrf_token %}
CsrfViewMiddleware
csrf_protect
csrf_token
DEBUG = True
False
在网上查找了很多资料,普遍采用的解决方法是:
检查settings.py中是否有下面的配置,如没有加上: MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', # 确认存在 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', )
settings.py
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', # 确认存在
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
html中的form添加模板标签{% csrf_token %} <form action="/saveBlog/" method="post"> {% csrf_token %} ... </form>
<form action="/saveBlog/" method="post">
...
</form>
针对views.py进行修改 from django.shortcuts import render_to_response from django.template import RequestContext `def some_blog(request):` # ... return render_to_response('my_template.html', my_data_dictionary, context_instance=RequestContext(request)) 以上各步都基本照做了。其中针对视图的修改,因我的写法与网上不一样,我的是: def edit_blog(request): template = get_template('editBlog.html') moods = Mood.objects.all() html = template.render(locals()) ` return HttpResponse(html)因为官方文档上说render是render_to_response的shortcut`,所以没有照网站资料上说的去改。于是错误总是无法解决。
from django.shortcuts import render_to_response
from django.template import RequestContext
`
` # ...
return render_to_response('my_template.html',
my_data_dictionary,
context_instance=RequestContext(request))
def edit_blog(request):
template = get_template('editBlog.html')
moods = Mood.objects.all()
html = template.render(locals())
因为官方文档上说
是
的
几番挣扎之后,终于在Django出错页面中自己给出的解决办法中有一条: The view function passes arequest to the template's rendermethod.(即:视图函数中传递 request 给模板的render方法)。
按这个访求修改后,终于解决问题了!! def edit_blog(request): template = get_template('editBlog.html') moods = Mood.objects.all() html = template.render(locals(), request) # 把request传递给template.render() ` return HttpResponse(html)`
html = template.render(locals(), request) # 把request传递给template.render()
Django CSRF验证失败. 请求被中断介绍到这里,更多Python学习请参考编程字典Python教程 和问答部分,谢谢大家对编程字典的支持。
原文链接:https://www.cnblogs.com/i-am-sailing/p/13961118.html
