使用django提交form表单时,提交方式为post,总是提交不成功,报错如下:


Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.

  • The view function uses RequestContext for the template, instead of Context.

  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.

  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.



虽然按照上面所说的方法:

第一种:在表单里加上{% csrf_token %}就行了。
第二种方法是在Settings里的MIDDLEWARE_CLASSES增加配置:
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.csrf.CsrfResponseMiddleware',


都加上了,但是并没有什么用,网上查资料才找到答案,从view到页面时候,我是酱紫的:


from django.shortcuts import *
from contact.forms import ContactForm

def contact(request):
	if request.method=='POST':
		form= ContactForm(request.POST)
		if form.is_valid():
			cd = form.cleaned_data
			send_mail(
				cd['subject'],
				cd['message'],
				cd.get('email', 'noreply@example.com'),
				['siteowner@example.com'],
			)
			return HttpResponseRedirect('/contact/thanks/')
	else:
		form=ContactForm()
	return render_to_response('contact_form.html', {'form': form})

首先request没有post方法,进入else,显示的为contact_form.html页面,此时报错,网上有一种说法,必须要使用RequestContext对象,

return render_to_response('contact_form.html', {'form': form},context_instance=RequestContext(request))


将else中的语句加入RequestContext后,成功!