I am following Django 1.3 Web Development. For login, I am getting the following error:
Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF token missing or incorrect.
These are the apps included in my settings.py. It is exactly how the book says it should look.
INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Uncomment the next line to enable the admin:
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
    'djangocricket.Cricket',
    'djangocricket.cms'
)
The book says it should include django.contrib.auth.views.login .. and I have included it in
urlpatterns = patterns('',
    # Examples:
    url(r'^$', 'djangocricket.Cricket.views.index', name='default'),
    url(r'^user/(\w+)/$', 'djangocricket.Cricket.views.user_home', name='user home'),
    url(r'^login/$', 'django.contrib.auth.views.login'),
    # url(r'^djangocricket/', include('djangocricket.foo.urls')),
    # Uncomment the admin/doc line below to enable admin documentation:
    #url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
    # Uncomment the next line to enable the admin:
    url(r'^news/', 'djangocricket.cms.views.index', name='index'),
    #url(r'^news/(?P<slug>[^\.]+).html', 'djangocricket.cms.views.detail', name='get_single_news_item'),
    url(r'^admin/', include(admin.site.urls)),
)
And my registration/login.html ... copied from the book. It should work.
<html>
<head>
    <title>Django Bookmarks - User Login</title>
</head>
<body>
    <h1>User Login</h1>
    {% if form.errors %}
    <p>Your username and password didn't match. Please try again.</p>
    {% endif %}
    <form method="post" action=".">
        <p><label for="id_username">Username:</label> {{ form.username }}</p>
        <p><label for="id_password">Password:</label> {{ form.password }}</p>
        <input type="hidden" name="next" value="/" />
        <input type="submit" value="login" />
    </form>
</body>
</html>
You need to add the {% csrf_token %} template tag as a child of the form element in your Django template.
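This way, the template will render a hidden element with its value set to the CSRF token. When the Django server receives the form request, Django will verify that the token matches the value rendered in the form. This is necessary to ensure that POST requests (i.e., data-altering requests) originate from an authentic client session.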
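A simplified model of the check the answer describes, as an added example that is not part of the original answer and is not Django's own code. The cookie name, field name and rejection messages follow Django's; the reduced form, the stand-in browser and the sample credentials are constructed for illustration.

```python
import hmac
import re
import secrets

# Names match Django's defaults; the logic below is a simplified model of the
# cookie-versus-form-field comparison, not Django's middleware source.
COOKIE_NAME = "csrftoken"
FIELD_NAME = "csrfmiddlewaretoken"

# Reduced copy of the question's form, with and without the answer's tag.
FORM = '<form method="post" action=".">%s<input type="hidden" name="next" value="/" /></form>'
FORM_WITHOUT_TAG = FORM % ""
FORM_WITH_TAG = FORM % "{% csrf_token %}"

def render(template, token):
    """Expand {% csrf_token %} into a hidden input carrying the token."""
    hidden = '<input type="hidden" name="%s" value="%s" />' % (FIELD_NAME, token)
    return template.replace("{% csrf_token %}", hidden)

def browser_submit(html, cookies):
    """Constructed stand-in for a browser: post back the hidden fields it received."""
    fields = dict(re.findall(r'<input type="hidden" name="([^"]+)" value="([^"]*)"', html))
    fields.update(username="alice", password="constructed-password")
    return {"method": "POST", "cookies": cookies, "post": fields}

def csrf_check(request):
    """Return (status, reason); reasons use the wording of Django's 403 page."""
    if request["method"] in ("GET", "HEAD", "OPTIONS", "TRACE"):
        return 200, "safe method, not checked"
    cookie = request["cookies"].get(COOKIE_NAME)
    if not cookie:
        return 403, "CSRF cookie not set."
    posted = request["post"].get(FIELD_NAME, "")
    # Constant-time comparison of the posted field against the cookie value.
    if not hmac.compare_digest(posted.encode(), cookie.encode()):
        return 403, "CSRF token missing or incorrect."
    return 200, "ok"

def demo():
    token = secrets.token_hex(16)  # constructed per-session token
    cookies = {COOKIE_NAME: token}
    return {
        "without_tag": csrf_check(browser_submit(render(FORM_WITHOUT_TAG, token), cookies)),
        "with_tag": csrf_check(browser_submit(render(FORM_WITH_TAG, token), cookies)),
        # Form rendered with some other session's token: field and cookie differ.
        "other_session": csrf_check(browser_submit(render(FORM_WITH_TAG, secrets.token_hex(16)), cookies)),
    }

if __name__ == "__main__":
    print(demo())
```

The `without_tag` case reproduces the 403 reason from the question; adding the tag is the only change needed for the same POST to pass.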