Using GET in a Django Form

I have a question about Django Forms and GET

I have a form to download student grades in CSV format. The fields are name and year, so I have a forms.py

from django import forms

# Unbound form with the two query fields
class StudentDownloadForm(forms.Form):
    name = forms.CharField()
    year = forms.CharField()

I want to use this form in template.html

context = {'student_form': StudentDownloadForm()}

<form action ="" method="GET">
  {% csrf_token %}{{ student_form|crispy }}
<input type="submit" value="Query"/>
</form>

So my question is as follows:

According to the Django documentation (Cross Site Request Forgery protection):

For all incoming requests that are not using HTTP GET, HEAD, OPTIONS or TRACE, a CSRF cookie must be present, and the ‘csrfmiddlewaretoken’ field must be present and correct. If it isn’t, the user will get a 403 error.

And:

It deliberately ignores GET requests (and other requests that are defined as ‘safe’ by RFC 2616). These requests ought never to have any potentially dangerous side effects, and so a CSRF attack with a GET request ought to be harmless. RFC 2616 defines POST, PUT and DELETE as ‘unsafe’, and all other methods are assumed to be unsafe, for maximum protection.

Therefore, you can omit the CSRF token for GET requests
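
An added example, not part of the original question or answer: a small standard-library audit that applies the rule above to template source. It flags GET forms that include the csrf_token tag (a GET form serializes its hidden csrfmiddlewaretoken field into the query string, so the token lands in URLs, browser history and server logs) and POST forms that lack it. The function name audit_forms, the finding labels and the sample template are constructed for illustration, and the regex matching assumes forms are not nested and the method attribute is a literal.

```python
import re

# Constructed sample: the GET form from the question, a POST form
# without a token, and a form with no method attribute.
SAMPLE_TEMPLATE = '''
<form action ="" method="GET">
  {% csrf_token %}{{ student_form|crispy }}
<input type="submit" value="Query"/>
</form>
<form action="/upload/" method="post">
  {{ upload_form }}
</form>
<form action="/search/">
  {{ search_form }}
</form>
'''

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.I | re.S)
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*([A-Za-z]+)""", re.I)
TOKEN_RE = re.compile(r"{%\s*csrf_token\s*%}")


def audit_forms(template_source):
    """Return (form_index, method, finding) for each form whose
    use of {% csrf_token %} does not match its HTTP method."""
    findings = []
    for index, match in enumerate(FORM_RE.finditer(template_source), start=1):
        attrs, body = match.groups()
        method_match = METHOD_RE.search(attrs)
        # HTML submits a form with GET when no method attribute is given.
        method = method_match.group(1).upper() if method_match else "GET"
        has_token = bool(TOKEN_RE.search(body))
        if method == "GET" and has_token:
            # The middleware ignores the token on GET; it only leaks into the URL.
            findings.append((index, method, "token-in-get-form"))
        elif method == "POST" and not has_token:
            # The middleware answers a POST without the token with a 403.
            findings.append((index, method, "post-form-missing-token"))
    return findings


if __name__ == "__main__":
    for index, method, finding in audit_forms(SAMPLE_TEMPLATE):
        print(f"form #{index} ({method}): {finding}")
```

The audit does not cover POST forms that target external URLs, where the token should also be left out.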