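Add a decorator to the view function (local disable: CSRF checks are skipped for this view only)
Import the modules
from django.shortcuts import render, redirect
from django.views.decorators.csrf import csrf_exempt
Add the decorator before the function
@csrf_exempt
def index(request):
    # GET: show the login form
    if request.method == 'GET':
        return render(request, 'index.html')
    # POST: check the submitted credentials
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        if username == 'admin' and password == 'admin123':
            return redirect('http://www.baidu.com')
        else:
            return render(request, 'index.html', {'msg': '登录失败'})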
Add csrf_token validation to the form
<form action="/index/" method="post">
    {% csrf_token %}
    用户名:<input type="text" autocomplete="off" placeholder="请输入用户名" name="username">
    密码:<input type="password" autocomplete="off" placeholder="请输入密码" name="password">
    <input type="submit" value="登录">
</form>
Configure in settings.py (global disable: CSRF checks are removed for every view)
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # 'django.middleware.csrf.CsrfViewMiddleware',  # comment out this line
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Using with AJAX
Add to the template file
$.ajaxSetup({
    data: {csrfmiddlewaretoken: '{{ csrf_token }}'},
});
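The ajaxSetup snippet above puts the token in the form-encoded request body; the alternative below sends it in a request header, which also works for JSON bodies and keeps CsrfViewMiddleware enabled. This is an added example, not code from the original page. It assumes Django's defaults (cookie name csrftoken, header X-CSRFToken, CSRF_USE_SESSIONS and CSRF_COOKIE_HTTPONLY left off); csrfHeaders, csrfFetch and the sample values are hypothetical names constructed for illustration.

```javascript
// Added example: attach Django's CSRF token as a request header.
// Assumes Django defaults: cookie "csrftoken", header "X-CSRFToken".

// Parse one cookie out of a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const trimmed = part.trim();
    if (trimmed.startsWith(name + '=')) {
      return decodeURIComponent(trimmed.slice(name.length + 1));
    }
  }
  return null;
}

// Methods that Django's CsrfViewMiddleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// Headers to add for one request. Empty for safe methods, for
// cross-origin targets (the token must not leave the site), and
// when the cookie is missing.
function csrfHeaders(method, url, cookieString, pageOrigin) {
  if (csrfSafeMethod(method)) return {};
  if (new URL(url, pageOrigin).origin !== pageOrigin) return {};
  const token = getCookie(cookieString, 'csrftoken');
  return token ? { 'X-CSRFToken': token } : {};
}

// Browser wiring (hypothetical helper around fetch).
function csrfFetch(url, options = {}) {
  const method = options.method || 'GET';
  const extra = csrfHeaders(method, url, document.cookie, window.location.origin);
  return fetch(url, {
    ...options,
    credentials: 'same-origin',
    headers: { ...(options.headers || {}), ...extra },
  });
}

// Constructed sample values so the helpers can be exercised under Node.
const SAMPLE_COOKIES = 'sessionid=abc123; csrftoken=constructedTokenValue';
const SAMPLE_ORIGIN = 'https://example.test';
```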