CSRF verification failed. Request aborted.

报错如下：

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.
    

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

• Your browser is accepting cookies.
• The view function uses RequestContext for the template, instead of Context.
• In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

解决办法：

在django1.4里，就必须按照提示的步骤来：

1，在view里面，强制使用RequestContext 代替Context。示例如下：

from django.template import RequestContext   

视图返回要这样：

        return render_to_response('index.html', {
            'param1': 'aaa',
            'param2': 'bbb',
            },
            context_instance=RequestContext(request)  # here！
        )

2，在模板的form体里面，加入 {% csrf_token %}，示例如下：

    <form action="login.html" method="post" >
       {% csrf_token %} 

      ……

    </form>

最后检查一下中间件里'django.middleware.csrf.CsrfViewMiddleware',是否正常开放。默认是直接开着的。

-------------------

注意，在Django 1.2(含1.2) 之前，解决办法是

在settings的中间件设置里MIDDLEWARE_CLASSES加入：

'django.middleware.csrf.CsrfResponseMiddleware',