禁止 (403) CSRF 验证失败请求中止
Forbidden (403) CSRF verification failed Request aborted
当我尝试了论坛中对同一问题的大部分回复时,我遇到了 403 错误,但没有成功!此注册码最初来自 tango with django 站点,但不适用于 django 1.10。
如有任何帮助,我们将不胜感激,以下是我使用的文件:
views.py:
def register(request):
# Like before, get the request's context.
context = RequestContext(request)
# A boolean value for telling the template whether the registration was successful.
# Set to False initially. Code changes value to True when registration succeeds.
registered = False
# If it's a HTTP POST, we're interested in processing form data.
if request.method == 'POST':
# Attempt to grab information from the raw form information.
# Note that we make use of both UserForm and UserProfileForm.
user_form = UserForm(data=request.POST)
profile_form = UserProfileForm(data=request.POST)
# If the two forms are valid...
if user_form.is_valid() and profile_form.is_valid():
# Save the user's form data to the database.
user = user_form.save()
# Now we hash the password with the set_password method.
# Once hashed, we can update the user object.
user.set_password(user.password)
user.save()
# Now sort out the UserProfile instance.
# Since we need to set the user attribute ourselves, we set commit=False.
# This delays saving the model until we're ready to avoid integrity problems.
profile = profile_form.save(commit=False)
profile.user = user
# Did the user provide a profile picture?
# If so, we need to get it from the input form and put it in the UserProfile model.
if 'picture' in request.FILES:
profile.picture = request.FILES['picture']
# Now we save the UserProfile model instance.
profile.save()
# Update our variable to tell the template registration was successful.
registered = True
# Invalid form or forms - mistakes or something else?
# Print problems to the terminal.
# They'll also be shown to the user.
else:
print (user_form.errors, profile_form.errors)
# Not a HTTP POST, so we render our form using two ModelForm instances.
# These forms will be blank, ready for user input.
else:
user_form = UserForm()
profile_form = UserProfileForm()
# Render the template depending on the context.
return render_to_response(
'heaven/register.html',
{'user_form': user_form, 'profile_form': profile_form, 'registered': registered},
context)
urls.py:
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^$', views.home,name='home'),
url(r'^home/', views.home, name='home'),
url(r'^register/', views.register, name='register'), # ADD NEW PATTERN!
]
html 模板:
<!DOCTYPE html>
<html>
<head>
<title>Heavenly</title>
<style>
*{font-family:Arial}
h1 {color:red;}
</style>
</head>
<body>
<h1>Register with Heavenly</h1>
{% if registered %}
<strong>thank you for registering!</strong>
<a href="/home/">Return to the homepage.</a><br />
{% else %}
<strong>register here!</strong><br />
<form id="user_form" method="post" action="/register/"
enctype="multipart/form-data">
{% csrf_token %}
<!-- Display each form. The as_p method wraps each element in a paragraph
(<p>) element. This ensures each element appears on a new line,
making everything look neater. -->
{{ user_form.as_p }}
{{ profile_form.as_p }}
<!-- Provide a button to click to submit the form. -->
<input type="submit" name="submit" value="Register" />
</form>
{% endif %}
</body>
</html>
https://docs.djangoproject.com/en/1.10/releases/1.10/#features-removed-in-1-10
The dictionary and context_instance parameters for the following functions are removed:
- django.shortcuts.render()
- django.shortcuts.render_to_response()
- django.template.loader.render_to_string()
改用render
。
https://docs.djangoproject.com/en/1.10/topics/http/shortcuts/#render
当我尝试了论坛中对同一问题的大部分回复时,我遇到了 403 错误,但没有成功!此注册码最初来自 tango with django 站点,但不适用于 django 1.10。
如有任何帮助,我们将不胜感激,以下是我使用的文件:
views.py:
def register(request):
# Like before, get the request's context.
context = RequestContext(request)
# A boolean value for telling the template whether the registration was successful.
# Set to False initially. Code changes value to True when registration succeeds.
registered = False
# If it's a HTTP POST, we're interested in processing form data.
if request.method == 'POST':
# Attempt to grab information from the raw form information.
# Note that we make use of both UserForm and UserProfileForm.
user_form = UserForm(data=request.POST)
profile_form = UserProfileForm(data=request.POST)
# If the two forms are valid...
if user_form.is_valid() and profile_form.is_valid():
# Save the user's form data to the database.
user = user_form.save()
# Now we hash the password with the set_password method.
# Once hashed, we can update the user object.
user.set_password(user.password)
user.save()
# Now sort out the UserProfile instance.
# Since we need to set the user attribute ourselves, we set commit=False.
# This delays saving the model until we're ready to avoid integrity problems.
profile = profile_form.save(commit=False)
profile.user = user
# Did the user provide a profile picture?
# If so, we need to get it from the input form and put it in the UserProfile model.
if 'picture' in request.FILES:
profile.picture = request.FILES['picture']
# Now we save the UserProfile model instance.
profile.save()
# Update our variable to tell the template registration was successful.
registered = True
# Invalid form or forms - mistakes or something else?
# Print problems to the terminal.
# They'll also be shown to the user.
else:
print (user_form.errors, profile_form.errors)
# Not a HTTP POST, so we render our form using two ModelForm instances.
# These forms will be blank, ready for user input.
else:
user_form = UserForm()
profile_form = UserProfileForm()
# Render the template depending on the context.
return render_to_response(
'heaven/register.html',
{'user_form': user_form, 'profile_form': profile_form, 'registered': registered},
context)
urls.py:
from django.conf.urls import url
from . import views
urlpatterns = [
url(r'^$', views.home,name='home'),
url(r'^home/', views.home, name='home'),
url(r'^register/', views.register, name='register'), # ADD NEW PATTERN!
]
html 模板:
<!DOCTYPE html>
<html>
<head>
<title>Heavenly</title>
<style>
*{font-family:Arial}
h1 {color:red;}
</style>
</head>
<body>
<h1>Register with Heavenly</h1>
{% if registered %}
<strong>thank you for registering!</strong>
<a href="/home/">Return to the homepage.</a><br />
{% else %}
<strong>register here!</strong><br />
<form id="user_form" method="post" action="/register/"
enctype="multipart/form-data">
{% csrf_token %}
<!-- Display each form. The as_p method wraps each element in a paragraph
(<p>) element. This ensures each element appears on a new line,
making everything look neater. -->
{{ user_form.as_p }}
{{ profile_form.as_p }}
<!-- Provide a button to click to submit the form. -->
<input type="submit" name="submit" value="Register" />
</form>
{% endif %}
</body>
</html>
https://docs.djangoproject.com/en/1.10/releases/1.10/#features-removed-in-1-10
The dictionary and context_instance parameters for the following functions are removed:
- django.shortcuts.render()
- django.shortcuts.render_to_response()
- django.template.loader.render_to_string()
改用render
。
https://docs.djangoproject.com/en/1.10/topics/http/shortcuts/#render