我试图建立一个非常简单的网站,人们可以添加数据到sqlite3的数据库。 我有两个文本输入一个POST形式。
index.html的:
{% if top_list %}
<ul>
<b><pre>Name Total steps</pre></b>
{% for t in top_list %}
<pre>{{t.name}} {{t.total_steps}}</pre>
{% endfor %}
</ul>
{% else %}
<p>No data available.</p>
{% endif %}
<br>
<form action="/steps_count/" method="post">
{% csrf_token %}
Name: <input type="text" name="Name" /><br />
Steps: <input type="text" name="Steps" /><br />
<input type="submit" value="Add" />
</form>
forms.py:
from django import forms
from steps_count.models import Top_List
class Top_List_Form(forms.ModelForm):
class Meta:
model=Top_List
views.py:
# Create your views here.
from django.template import Context, loader
from django.http import HttpResponse
from steps_count.models import Top_List
from steps_count.forms import Top_List_Form
from django.template import RequestContext
from django.shortcuts import get_object_or_404, render_to_response
def index(request):
if request.method == 'POST':
#form = Top_List_Form(request.POST)
print "Do something"
else:
top_list = Top_List.objects.all().order_by('total_steps').reverse()
t = loader.get_template('steps_count/index.html')
c = Context({'top_list': top_list,})
#output = ''.join([(t.name+'\t'+str(t.total_steps)+'\n') for t in top_list])
return HttpResponse(t.render(c))
然而,当我点击“提交”按钮,我得到的403错误:
CSRF verification failed. Request aborted.
我已经包含{% csrf_token %} index.html中。 但是,如果是的RequestContext的问题,我真的在何处以及如何使用它不知道。 我想一切都在同一个页面(的index.html)上发生。
使用render快捷键这增加RequestContext自动。
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, render
from steps_count.models import Top_List
from steps_count.forms import Top_List_Form
def index(request):
if request.method == 'POST':
#form = Top_List_Form(request.POST)
return HttpResponse("Do something") # methods must return HttpResponse
else:
top_list = Top_List.objects.all().order_by('total_steps').reverse()
#output = ''.join([(t.name+'\t'+str(t.total_steps)+'\n') for t in top_list])
return render(request,'steps_count/index.html',{'top_list': top_list})
当你发现这个类型的消息,这意味着CSRF令牌丢失或不正确。 所以,你有两个选择。
对于POST表单,您需要确保:
另一个简单的方法就是在MIDDLEWARE_CLASSES评论一行( 不推荐 )(“django.middleware.csrf.CsrfViewMiddleware”)的设置选项卡。
MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', # 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
您应该使用
from django.shortcuts import render_to_response
.
.
.
return render_to_response("steps_count/index.html", {'top_list': top_list}, context_instance=RequestContext(request))
代替
return HttpResponse(t.render(c))
阅读“上下文处理器”,看看这个链接了解CSRF保护Django是如何工作的详细信息。
UPDATE
我误读了的HttpResponse选择render_to_response作为。 我更新了我以前的答案。
一个常见的错误是在这里选择render_to_response使用(这通常在较旧的教程中使用),不包括自动的RequestContext。 渲染并自动包含它。
创建一个新的应用程序时,而下面的教程和CSRF没有工作在新的应用程序页面了解到这一点。
function yourFunctionName(data_1,data_2){
context = {}
context['id'] = data_1
context['Valid'] = data_2
$.ajax({
beforeSend:function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (settings.url == "your-url")
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
},
url: "your-url",
type: "POST",
data: JSON.stringify(context),
dataType: 'json',
contentType: 'application/json'
}).done(function( data ) {
});
if you put {%csrf_token%} and still you have the same issue, please try to change your angular version. because its works for me. initially i faced this issue while using angular 1.4.x version . after i degrade it into angular 1.2.8, my problem was fixed.
and dont forgot to add angular-cookies.js and put this on your js file.
if you using post request.
"app.run(function($http, $cookies) {
console.log($cookies.csrftoken)
$http.defaults.headers.post['X-CSRFToken'] = $cookies.csrftoken;
});
"
在你的HTML头,加
<meta name="csrf_token" content="{{ csrf_token }}">
然后在你的JS /角配置:
app.config(function($httpProvider){
$httpProvider.defaults.headers.post['X-CSRFToken'] = $('meta[name=csrf_token]').attr('content');
}
文章来源: CSRF verification failed. Request aborted
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 女痞 的文章《 CSRF验证失败。 请求中止 CSRF验证失败。 请求中止(CSRF verification》','https://www.manongdao.com/article-836198.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}