Django csrf 令牌丢失或不正确错误 403
Django csrf token missing or incorrect error 403
当我提交表单时出现以下错误:
CSRF verification failed
Reason given for failure:
CSRF token missing or incorrect.
我的 views.py 是:
def name(request):
if request.method == 'POST':
form=NameForm(request.POST)
if form.is_valid():
name=form.cleandata['your_name']
return HttpResponseRedirect('/thanks/',RequestContext(request))
else:
form=NameForm()
return render_to_response('contact.html')
我的setting.py文件:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
我的 forms.py 文件是:
class NameForm(forms.Form):
your_name=forms.CharField(initial='your name',max_length=100)
我的 contact.html 是:
<form action="/your-name/" method="POST">
{% csrf_token %}
{{form}}
<input type="submit" value="Submit" />
</form>
urls.py 是:
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^search/$', search),url(r'^contact/$',contact),
url(r'^name/$',name),url(r'^your-name',name),url(r'^thanks/$',thank)
]
使用 @csrf_protect 装饰器。
您可以获取有关 csrf here
的详细信息
使用 render function to render the template, instead of the render_to_response.
from django.shortcuts import render
def name(request):
if request.method == 'POST':
form = NameForm(request.POST)
if form.is_valid():
name = form.cleaned_data['your_name']
return HttpResponseRedirect('/thanks/', RequestContext(request))
else:
form = NameForm()
return render(request, 'contact.html')
csrf Forbidden (CSRF token missing or incorrect.)提交请求时:
在表单中,包含 {% csrf_token %},它生成一个带有 csrf 令牌值的输入标签,并在请求中,让 headers 包含 X-CSRFTOKEN
headers: {
content_type: 'application/json',
'X-CSRFToken': "{{ csrf_token }}"
},
当我提交表单时出现以下错误:
CSRF verification failed
Reason given for failure:
CSRF token missing or incorrect.
我的 views.py 是:
def name(request):
if request.method == 'POST':
form=NameForm(request.POST)
if form.is_valid():
name=form.cleandata['your_name']
return HttpResponseRedirect('/thanks/',RequestContext(request))
else:
form=NameForm()
return render_to_response('contact.html')
我的setting.py文件:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
我的 forms.py 文件是:
class NameForm(forms.Form):
your_name=forms.CharField(initial='your name',max_length=100)
我的 contact.html 是:
<form action="/your-name/" method="POST">
{% csrf_token %}
{{form}}
<input type="submit" value="Submit" />
</form>
urls.py 是:
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^search/$', search),url(r'^contact/$',contact),
url(r'^name/$',name),url(r'^your-name',name),url(r'^thanks/$',thank)
]
使用 @csrf_protect 装饰器。
您可以获取有关 csrf here
使用 render function to render the template, instead of the render_to_response.
from django.shortcuts import render
def name(request):
if request.method == 'POST':
form = NameForm(request.POST)
if form.is_valid():
name = form.cleaned_data['your_name']
return HttpResponseRedirect('/thanks/', RequestContext(request))
else:
form = NameForm()
return render(request, 'contact.html')
csrf Forbidden (CSRF token missing or incorrect.)提交请求时:
在表单中,包含 {% csrf_token %},它生成一个带有 csrf 令牌值的输入标签,并在请求中,让 headers 包含 X-CSRFTOKEN
headers: {
content_type: 'application/json',
'X-CSRFToken': "{{ csrf_token }}"
},