我在 Django 中遇到 CSRF 失败,并且没有文章起作用。 它说它用于像我记得的那样的帖子,并且它包含在表单中,但不包含在表单标记中。
设置.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
登录.html
{% extends 'base.html' %}
{% block body_block %}
<h1>Login</h1>
<form id="login_form" method="post" action="{% url 'accounts:login' %}">
{% csrf_token %}
<div class="input-group input-group-md">
<span class="input-group-addon">Username</span>
<input type="text"class="form-control" placeholder="Username" aria-describedby="basic-addon2" name="username" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<span class="input-group-addon">Password</span>
<input class="form-control" placeholder="Password" aria-describedby="basic-addon2" type="password" name="password" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<input class="btn btn-default navbar-btn" type="submit" value="Submit" />
</div>
</form>
<br /><br />
<a style="font-size:22px;" href="/accounts/register/">Need to make a new account?</a>
{% endblock %}
{% block buttons %}
{% endblock %}
views.py:
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', locals(), context)
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', locals(), context)
为什么这个 csrf token 不起作用?
最佳答案
您需要将 RequestContext 与参数 context_instance 一起使用,如下所示:
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', context_instance = context, locals(), )
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', context_instance = context, locals(), context)
还有一件事,context_instance 自 Django 1.8 起已被弃用。 您可以只使用:
return render(request,'accounts/login.html', locals())
关于python - CSRF 验证失败 - 请求中止,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41972729/