CSRF verification failed. Request aborted.

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.
    

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

• Your browser is accepting cookies.
• The view function uses RequestContext for the template, instead of Context.
• In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

初学Django遇到上面的问题，所有的答案几乎都如下：

第一种：在表单里加上{% csrf_token %}就行了。
第二种方法是在Settings里的MIDDLEWARE_CLASSES增加配置：
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.csrf.CsrfResponseMiddleware',

第一个答案我本身就在表单里面加了，而且怕加错，使用复制粘贴过去的，依然有问题。

第二个答案，第一句本身setting.py里面就有，第二句加上就会报错，load不进来类，找了半天都没找到问题所在。

我有两个View：detail和vote，detail页面表单如下：

<h1>{{ poll.question }}</h1>


{% if error_message %}
<p><strong>{{ error_message }}</strong></p>
{% endif %}


<form action="/polls/{{ poll.id }}/vote/" method="post">
{% csrf_token %}
{% for choice in poll.choice_set.all %}
<input type="radio" name="choice" id="choice{{ forloop.counter }}" value="{{choice.id}}"
<label for="choice{{ forloop.counter }}">
{{ choice.choice }} 
</label>
</br>
{% endfor %}
<input type="submit" value="Vote"/>

</form>

{% csrf_token %}是有加进去的，View的实现如下：

def detail(request, poll_id):
    '''
    try:
        p = Poll.objects.get(pk=poll_id)
    except Poll.DoesNotExist:
        raise Http404
    '''
    p = get_object_or_404(Poll, pk=poll_id)
    return render_to_response('polls/detail.html', {'poll':p})

def vote(request, poll_id):
p = get_object_or_404(Poll, pk=poll_id)
try:
selected_choice = p.choice_set.get(pk=request.POST['choice'])
except(KeyError, Choice.DoesNotExist):
return render_to_response('polls/detail.html', {
'poll': p,
'error_message': "You didn't select a choice.",
}, context_instance=RequestContext(request))
else:
selected_choice.votes += 1
selected_choice.save()
return HttpResponseRedirect(reverse('polls.views.results', args=(p.id,)))

网上有一种说法，必须要使用RequestContext对象，我发现我的detail里面没有使用，只有在except的时候才使用了，所以我修改最后一句，也改为类似except最后一句，但是异常依旧，最后发现是必须要修改detail那个view的。

将最后一句改为：

    return render_to_response('polls/detail.html', {'poll':p}, context_instance=RequestContext(request))

就可以了，折腾了好久，唉。