在 django 中显示 csrf 验证失败

Question

当我点击提交时，它显示 csrf 验证失败，尽管我使用了 {% csrftoken %} 这是我的 view.py:

@csrf_protect
def register(request):
 if request.method == 'POST':
    form = RegistrationForm(request.POST)
    if form.is_valid():
        user = User.objects.create_user(
        username=form.cleaned_data['username'],
        password=form.cleaned_data['password1'],
        email=form.cleaned_data['email']
        )
        return HttpResponseRedirect('/login/')
else:
    form = RegistrationForm()
catagories = Company_Profile.objects.all()
variables = RequestContext(request, {
'form': form,'catagories' : catagories
})

return render_to_response(
'index1.html',
variables

)

我的 html 页面 index1.html s:

<div id="connect_signup_box" class="connect_box_form clearfix">{% csrf_token  %}
<form enctype="application/x-www-form-urlencoded" class="global_form"  action="" method="POST">{% csrf_token %}<div><div><h3>Create Account</h3>
<div class="form-elements" >
<div id="name-wrapper" class="form-wrapper"><div id="name-label"  class="form-label"><label for="name" class="optional">Name</label></div>
<div id="name-element" class="form-element">
<input type="text" name="name" id="name" value="" class="signup-name"></div>     </div>

<div id="username-wrapper" class="form-wrapper"><div id="username-label"   class="form-label"><label for="id_username">Username:</label></div>
<div id="username-element" class="form-element">
<input id="id_username" max_length="30" name="username" required="True"  type="text">
<div id="uJTtr4FGLy-wrapper" class="form-wrapper"><div id="uJTtr4FGLy-label"     class="form-label"><label for="id_email">Email Id:</label></div>
<div id="uJTtr4FGLy-element" class="form-element">
<input id="id_email" max_length="30" name="email" required="True"   type="text">
<p class="description">You will use your email address to login.</p></div>   </div>
<div id="password-wrapper" class="form-wrapper"><div id="password-label"     class="form-label"><label for="id_password1">Password:</label></div>
<div id="password-element" class="form-element">
<input id="id_password1" name="password1" type="password">
<p class="description">Passwords must be at least 6 characters in length.    </p></div></div>
<div id="passconf-wrapper" class="form-wrapper"><div id="passconf-label"    class="form-label"><label for="id_password2">Password (Confirm):</label></div>
<div id="passconf-element" class="form-element">
<input id="id_password2" max_length="30" name="password2"    render_value="False" required="True" type="password">
<p class="description">Enter your password again for confirmation.</p></div>   </div>

<p class="description">This will be the end of your profile link, for   example: <br> </p></div></div>
</div></div>
<div id="terms-wrapper" class="form-wrapper"><div id="terms-label"    class="form-label">&nbsp;</div><div id="terms-element" class="form-element">
<input type="hidden" name="terms" value=""><input type="checkbox"    name="terms" id="terms" value="1" tabindex="7">
<label class="null" for="terms">I have read and agree to the <a    target="_blank" href="help/terms.html">terms of service</a>.</label></div></div>
<div id="submit-wrapper" class="form-wrapper"><div id="submit-label"     class="form-label">&nbsp;</div><div id="submit-element" class="form-element">
<input type="hidden" name="csrfmiddlewaretoken"    value="vmGTjibc4wzzsrVshrElFs8J0T24UECG">
        <input type="submit" class="btn btn-success" value="submit">

    <input type="reset" class="btn" value="cancel">

  </div></div></div></form>  </div>

</div>

我没有使用 form.as_p，因为我需要它单独应用 css.. 请帮助我

编辑： 我得到了答案 实际问题是我有硬编码的 csrf 即

所以删除它并且它工作正常。感谢@Daniel Roseman 注意到了我，感谢所有帮助我的人。

Answer 1

您应该将 RequestContext 作为 render_to_response() 的第三个参数传递：

return render_to_response('index1.html',
                          {'form': form, 'catagories': catagories},
                          RequestContext(request))

或者，作为更好的选择，使用 render() 函数代替 render_to_response():

from django.shortcuts import render

return render(request, 'index1.html', variables)

Answer 2

您需要移动 {% csrf_token %} 标签 - 将其放在表单中。此外，如果您使用 django.middleware.csrf.CsrfViewMiddleware，则不必手动 csrf_protect 您的视图。

对于上下文实例，尝试这样做：

def register(request):
     if request.method == 'POST':
         form = RegistrationForm(request.POST)
         if form.is_valid():
             user = User.objects.create_user(
             username=form.cleaned_data['username'],
             password=form.cleaned_data['password1'],
             email=form.cleaned_data['email']
             )
             return HttpResponseRedirect('/login/')
         else:
             form = RegistrationForm()
     catagories = Company_Profile.objects.all()
     variables = {'form': form,'catagories' : catagories}

     return render_to_response('index1.html', variables, context_instance=RequestContext(request))