CSRF 验证失败 - 请求中止
CSRF verification failed - Request aborted
我在 Django 中遇到 CSRF 失败并且没有任何文章有效。
它说它用于我记得的帖子,它包含在表单中,但不包含在表单标签中。
settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
login.html
{% extends 'base.html' %}
{% block body_block %}
<h1>Login</h1>
<form id="login_form" method="post" action="{% url 'accounts:login' %}">
{% csrf_token %}
<div class="input-group input-group-md">
<span class="input-group-addon">Username</span>
<input type="text"class="form-control" placeholder="Username" aria-describedby="basic-addon2" name="username" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<span class="input-group-addon">Password</span>
<input class="form-control" placeholder="Password" aria-describedby="basic-addon2" type="password" name="password" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<input class="btn btn-default navbar-btn" type="submit" value="Submit" />
</div>
</form>
<br /><br />
<a style="font-size:22px;" href="/accounts/register/">Need to make a new account?</a>
{% endblock %}
{% block buttons %}
{% endblock %}
views.py:
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', locals(), context)
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', locals(), context)
为什么这个 csrf 令牌不起作用?
您需要像这样使用带有参数 context_instance 的 RequestContext :
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', context_instance = context, locals(), )
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', context_instance = context, locals(), context)
还有一件事,context_instance 自 Django 1.8 以来已弃用。
你可以只使用 :
return render(request,'accounts/login.html', locals())
我在 Django 中遇到 CSRF 失败并且没有任何文章有效。 它说它用于我记得的帖子,它包含在表单中,但不包含在表单标签中。
settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
login.html
{% extends 'base.html' %}
{% block body_block %}
<h1>Login</h1>
<form id="login_form" method="post" action="{% url 'accounts:login' %}">
{% csrf_token %}
<div class="input-group input-group-md">
<span class="input-group-addon">Username</span>
<input type="text"class="form-control" placeholder="Username" aria-describedby="basic-addon2" name="username" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<span class="input-group-addon">Password</span>
<input class="form-control" placeholder="Password" aria-describedby="basic-addon2" type="password" name="password" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<input class="btn btn-default navbar-btn" type="submit" value="Submit" />
</div>
</form>
<br /><br />
<a style="font-size:22px;" href="/accounts/register/">Need to make a new account?</a>
{% endblock %}
{% block buttons %}
{% endblock %}
views.py:
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', locals(), context)
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', locals(), context)
为什么这个 csrf 令牌不起作用?
您需要像这样使用带有参数 context_instance 的 RequestContext :
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', context_instance = context, locals(), )
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', context_instance = context, locals(), context)
还有一件事,context_instance 自 Django 1.8 以来已弃用。 你可以只使用 :
return render(request,'accounts/login.html', locals())