Django1.4 CSRF verification failed. Request aborted.
错误信息:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
初学django还有许多不解,上面的错误信息对问题已有所说明。
1. 表单Form中加入{% csrf_token %}
2. settings.py中MIDDLEWARE_CLASSES中加入’django.middleware.csrf.CsrfViewMiddleware’,网上有得说还要加入’django.middleware.csrf.CsrfResponseMiddleware’,但再1.4中没找到这个模块,不知道是不是有所改变。
3. view中加入 RequestContext
def login_view(request):
username = request.POST.get(‘username’, ”);
password = request.POST.get(‘password’, ”);
user = auth.authenticate(username=username, password=password)
if user is not None and user.is_active:
auth.login(request, user)
return HttpResponseRedirect(‘/home/’)
else:
return render_to_response(‘login.html’, context_instance=RequestContext(request))
网上还说需要在view中的方法上面加上@csrf_protect注解,但我没加也成功了。
https://blog-website.rhcloud.com/blog/?p=76
