python - 在 Django 1.10 中制作表单并收到 CSRF 验证失败。请求已中止

Question

我很难使用 Django 来处理 POST 请求。我不断收到此 403 错误消息: Response Page because of request

我试图最终制作一个搜索栏来搜索数据库。在index.html 上，我有一个搜索栏，然后它接受用户输入并将结果发送到search.html 页面。我还没有实现查询搜索，我只是希望使用 Django 表单功能将用户输入显示到 search.html 页面上。

我一直在使用本教程来制作我的第一个表单: https://docs.djangoproject.com/en/1.10/topics/forms/

下面是我创建的python和html脚本(有些变量与教程略有不同，但概念是相同的)

index.html

<form action="search/" method="post">
        <div class="search-bar">
            <input name="search" type="text" class="form-control" placeholder="What are you interested in?" style="width:1000px"> &nbsp; 
            <button type="submit" class="btn btn-default text-center" style="align-items: center;">Search</button>
        </div>
    </form>

View .py

from django.shortcuts import get_object_or_404, render, render_to_response
from django.http import HttpResponseRedirect
from django.views import generic
from django.utils import timezone
from .models import *
from django.views.generic.base import TemplateView # View static pages easier, no list
from .forms import NameForm
from django.template import RequestContext
from django.views.decorators.csrf import csrf_protect

class IndexView(generic.base.TemplateView):
    template_name = 'ahawebsite/index.html'
# 
class ContactView(generic.base.TemplateView):
    template_name = 'ahawebsite/contact.html'
# 
class AboutView(generic.base.TemplateView):
    template_name = 'ahawebsite/about.html'
# 
class SignupView(generic.base.TemplateView): 
    template_name = 'ahawebsite/signup.html'

# class Searchresults(generic.base.TemplateView): 
#     template_name = 'ahawebsite/search.html'

@csrf_protect  
def get_name(request):
    # if this is a POST request we need to process the form data
    if request.method == 'POST':
    # create a form instance and populate it with data from the request:
        form = NameForm(request.POST)
    # check whether it's valid:
        if form.is_valid():
        # process the data in form.cleaned_data as required
        # ...
        # redirect to a new URL:
            return redirect('thanks')

    # if a GET (or any other method) we'll create a blank form
    else:
        form = NameForm()
#   return render(request,"ahawebsite/search.html",{'form': form})
    return render_to_response("ahawebsite/search.html",{'form': form},context_instance=RequestContext(request))
def say_thanks(request):
    template = loader.get_template("ahawebsite/thanks.html")
    return HttpResponse(template.render({'search': 'search'},request))

url.py

from django.conf.urls import url

from . import views

app_name = 'ahawebsite'
urlpatterns = [

# Look to views.py file to see the references of the [ ]View objects
    url(r'^$', views.IndexView.as_view(), name='index'),
    url(r'about/$', views.AboutView.as_view(), name='about'),
    url(r'contact/$', views.ContactView.as_view(), name='contact'),
    url(r'signup/$', views.SignupView.as_view(), name='signup'),
    url(r'search/$', views.get_name, name='search'),
    url(r'^thanks/$',views.say_thanks,name='thanks'),
]

搜索.html

<form action = "/search/" method = "post">
    {% csrf_token %}
    {{ form }}
    <input type = "submit" value = "Submit" />
</form>

在使用 Django 表单功能时，我不想收到 403 页面作为响应。我是否正确使用了 CSRF token 系统？或者我做了其他完全错误的事情？

Answer 1

index.html 中的表单没有 {% csrf_token %}。但它仍然会发送到需要它的函数 (get_name)。 IOW，如果 index.html 中的表单应该发布到 /search/，那么您需要添加 {% csrf_token %}其形式，因为 get_name 受 csrf 保护。