python - django基础博客CSRF验证失败。请求已中止

Question

我正在尝试学习 django。我正在开发一个基本博客，现在我希望能够添加帖子。我想通过发布请求来执行此操作，并调用一个将表单中的内容保存到我的数据库中的方法。现在我在 csrf 方面遇到了麻烦。我知道有很多关于此的帖子，但我浏览了其中很多，但无法解决我的问题。我尝试添加 {% csrf_token %} ，但这不起作用。我尝试清除浏览器缓存/cookie。我将 csrf 添加到我的中间件中。因此，如果有人能帮助我解决这个问题，我将不胜感激。我还看到了 {% url some Something %} 的符号，但我无法弄清楚它的作用。我真的很感激任何帮助

模型.py

from django.db import models

class Post(models.Model):
    text = models.TextField(max_length=250)
    time = models.DateTimeField(auto_now_add=True)
    def __unicode__(self):
        return self.text

View .py

from django.http import Http404, HttpResponse
from django.shortcuts import render_to_response, redirect
from blog.models import Post

def home(request):
    try:
        p = Post.objects.all()
    except Post.DoesNotExist:
        raise Http404
    return render_to_response('index.html',
        {'post':p})

def post(request, uID):
    try:
        p = Post.objects.get(pk=uID)
    except:
        raise Http404
    return render_to_response('post.html',
        {'post':p})

def delete(request, uID):
    try:
        p = Post.objects.get(pk=uID).delete()
    except:
        raise Http404
    return render_to_response('delete.html',
        {'post':p})

def new(request):
    return render_to_response('new.html')

def add(request):
    if request.method == 'POST':
        c = {}
        c.update(csrf(request))
        p = Post(text=request.text)
        p.save()
        return render_to_response("index.html", c)
    else:
        raise Http404

url.py

from django.conf.urls import patterns, include, url


from django.contrib import admin
admin.autodiscover()

urlpatterns = patterns('',
    url(r'^$', 'blog.views.home', name='home'),
    url(r'^(?P<uID>\d+)/$', 'blog.views.post', name='Post Id'),
    url(r'^(?P<uID>\d+)/delete/$', 'blog.views.delete', name='del'),
    url(r'^new/$', 'blog.views.new'),
    url(r'^created/$', 'blog.views.added'),
    # url(r'^myApp/', include('myApp.foo.urls')),

    # Uncomment the admin/doc line below to enable admin documentation:
    # url(r'^admin/doc/', include('django.contrib.admindocs.urls')),


    url(r'^admin/', include(admin.site.urls)),
)

new.html

<html>
    <body>
        <h2> Create a new Post </h2>
        <form method="post" action="">
            {% csrf_token %}
            Body: <input type="textarea" name="text">
            <input type="submit" value="Submit">
        </form>
    </body>
</html>

设置.py

# Django settings for myApp project.

DEBUG = True
TEMPLATE_DEBUG = DEBUG

ADMINS = (
    # ('Your Name', 'your_email@example.com'),
)

MANAGERS = ADMINS

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
        'NAME': 'db.sqlite',                      # Or path to database file if using sqlite3.
        # The following settings are not used with sqlite3:
        'USER': '',
        'PASSWORD': '',
        'HOST': '',                      # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
        'PORT': '',                      # Set to empty string for default.
    }
}

# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
ALLOWED_HOSTS = []

# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# In a Windows environment this must be set to your system time zone.
TIME_ZONE = 'America/Chicago'

# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = 'en-us'

SITE_ID = 1

# If you set this to False, Django will make some optimizations so as not
# to load the internationalization machinery.
USE_I18N = True

# If you set this to False, Django will not format dates, numbers and
# calendars according to the current locale.
USE_L10N = True

# If you set this to False, Django will not use timezone-aware datetimes.
USE_TZ = True

# Absolute filesystem path to the directory that will hold user-uploaded files.
# Example: "/var/www/example.com/media/"
MEDIA_ROOT = ''

# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash.
# Examples: "http://example.com/media/", "http://media.example.com/"
MEDIA_URL = ''

# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/var/www/example.com/static/"
STATIC_ROOT = ''

# URL prefix for static files.
# Example: "http://example.com/static/", "http://static.example.com/"
STATIC_URL = '/static/'

# Additional locations of static files
STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

# Make this unique, and don't share it with anybody.
SECRET_KEY = 'mbc+)59rb8$o_k2epu8bi#!8nv!8j^)r@)b@po+t=!@3xx_at2'

# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
#     'django.template.loaders.eggs.Loader',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

ROOT_URLCONF = 'myApp.urls'

# Python dotted path to the WSGI application used by Django's runserver.
WSGI_APPLICATION = 'myApp.wsgi.application'

TEMPLATE_DIRS = (
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'blog',
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
)

# A sample logging configuration. The only tangible logging
# performed by this configuration is to send an email to
# the site admins on every HTTP 500 error when DEBUG=False.
# See http://docs.djangoproject.com/en/dev/topics/logging for
# more details on how to customize your logging configuration.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse'
        }
    },
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler'
        }
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
    }
}

Answer 1

您需要将 csrf 验证添加到 View 和 html 中，因此应该是

def new(request):
    context = {}
    context.update(csrf(request))
    return render_to_response("new.html", context)