Forbidden (403)
CSRF verification failed. Request aborted.
在POST forms中你要确定一下几点:
- Your browser is accepting cookies.
- The view function passes a
request
to the template'srender
method. - In the template, there is a
{% csrf_token %}
template tag inside each POST form that targets an internal URL. - If you are not using
CsrfViewMiddleware
, then you must usecsrf_protect
on any views that use thecsrf_token
template tag, as well as those that accept the POST data.
解决这个问题的方法:
1.template中的forms中添加 {%csrf_token%} 标签
2.在settings.py的MIDDLEWARE_CLASSES中添加‘django.middleware.csrf.CSrfViewMiddleware',如果你不想在MIDDLEWARE_CLASSES中添加CSrfViewMiddleware,可以在视图函数前使用csrf_protect()
<span style="font-size:18px;">from django.views.decorators import csrf
@csrf.csrf_protect
def index(request):
pass</span>
3.如果使用render_to_response()函数,一定要添加参数context_instance=RequestContext(request);如果使用render函数,不用添加RequestContext,render函数会自动传递.在返回response对象的时候使用RequestContext是为了让模板中的{%csrf_token%}更好的发挥效用
<span style="font-size:18px;">from django.shortcuts import render, render_to_response,RequestContext
def view_func(request):
return render(request,'index.html', {'param':param})
or
return render_to_response('index.html', {'param':param}, context_instance=RequestContext(request))</span>