分析
django 的CSRF防护
解决
1. 确保csrf中间件加载
确保主配置文件 settings.py 中的 MIDDLEWARE_CLASSES =’django.middleware.csrf.CsrfViewMiddleware’, 中间件存在
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware', # 确保存在没有被注释
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
2. app下的templates里的html表处添加% csrf_token %}
例子
<form method = 'post' enctype="multipart/form-data" >
{% csrf_token %}
<h2>登 录</h2>
<div class="form-group">
3. app下的views.py使用render
import django.shortcuts import render,render_to_response
return render(request, 'login.html', {'username': username})
环境
- django 2.1.05
- python3.6.0