很多初学者遇到这个问题,修改各种设置,依然不能解决问题。
此方法比较暴力,csrf源代码,取消限制步骤如下:
- django 禁用CSRF 的方法:
- 修改C:\Python27\Lib\site-packages\django\middleware\csrf.py
#找到如下代码:
if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
#修改为:
if request.method not in ('GET','POST', 'HEAD', 'OPTIONS', 'TRACE'):
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
- Your browser is accepting cookies.
- The view function uses
RequestContext
for the template, instead ofContext
. - In the template, there is a
{% csrf_token %}
template tag inside each POST form that targets an internal URL. - If you are not using
CsrfViewMiddleware
, then you must usecsrf_protect
on any views that use thecsrf_token
template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False
, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.