CSRF verification failed. Request aborted. on Django

I am following Django 1.3 Web Development. For login, I am getting the following error:

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

CSRF token missing or incorrect.

These are the included APPS in my settings.py. It is exactly how the book says it should be.

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Uncomment the next line to enable the admin:
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
    'djangocricket.Cricket',
    'djangocricket.cms'
)

The book says it should contain django.contrib.auth.views.login, and I have included it in:

# Imports needed by the patterns below (Django 1.3 module locations)
from django.conf.urls.defaults import patterns, include, url
from django.contrib import admin

# Register the admin modules of the installed apps
admin.autodiscover()

urlpatterns = patterns('',
    # Examples:
    url(r'^$', 'djangocricket.Cricket.views.index', name='default'),
    url(r'^user/(\w+)/$', 'djangocricket.Cricket.views.user_home', name='user home'),
    url(r'^login/$', 'django.contrib.auth.views.login'),
    # url(r'^djangocricket/', include('djangocricket.foo.urls')),
    # Uncomment the admin/doc line below to enable admin documentation:
    #url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
    # Uncomment the next line to enable the admin:
    url(r'^news/', 'djangocricket.cms.views.index', name='index'),
    #url(r'^news/(?P<slug>[^\.]+).html', 'djangocricket.cms.views.detail', name='get_single_news_item'),
    url(r'^admin/', include(admin.site.urls)),
)

And my registration/login.html … copied from the book. It should work.

<html>
<head>
<title>Django Bookmarks - User Login</title>
</head>
<body>
<h1>User Login</h1>
{% if form.errors %}
<p>Your username and password didn't match.
Please try again.</p>
{% endif %}
<form method="post" action=".">
<p><label for="id_username">Username:</label>
{{ form.username }}</p>
<p><label for="id_password">Password:</label>
{{ form.password }}</p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
</body>
</html>

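Answer:

You need to add the {% csrf_token %} template tag as a child of the form element in your Django template.

This way, the template will render a hidden element with its value set to the CSRF token. When the Django server receives the form request, Django will verify that the token matches the value that was rendered in the form. This is necessary to ensure that POST requests (i.e. data-altering requests) originate from an authentic client session.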
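The following check is an added example, not part of the original question or answer: a small template lint that reports POST forms with no {% csrf_token %} child, run here against the login form from the question. The function name and the regex-based matching are assumptions of this example (a heuristic, not Django's own parser).

```python
import re

# Matches each <form ...>...</form> block; DOTALL so bodies may span lines.
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.IGNORECASE | re.DOTALL)
# Only POST forms are checked, since CSRF verification applies to them.
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*post\b""", re.IGNORECASE)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def forms_missing_csrf_token(template_source):
    """Return the 1-based line numbers of POST forms with no {% csrf_token %}."""
    missing = []
    for match in FORM_RE.finditer(template_source):
        attrs, body = match.group(1), match.group(2)
        if METHOD_RE.search(attrs) and not TOKEN_RE.search(body):
            # Line number of the opening <form> tag within the template.
            missing.append(template_source.count("\n", 0, match.start()) + 1)
    return missing


# The login form from the question (abridged), which triggers the 403.
QUESTION_TEMPLATE = """<h1>User Login</h1>
<form method="post" action=".">
<p><label for="id_username">Username:</label>
{{ form.username }}</p>
<p><label for="id_password">Password:</label>
{{ form.password }}</p>
<input type="hidden" name="next" value="/" />
<input type="submit" value="login" />
</form>
"""

# The same form with the tag added as a child of <form>, as the answer says.
FIXED_TEMPLATE = QUESTION_TEMPLATE.replace(
    '<form method="post" action=".">',
    '<form method="post" action=".">\n{% csrf_token %}',
)

# Constructed sample: a GET form, which does not need the token.
SEARCH_TEMPLATE = '<form method="get" action="/search/"><input name="q" /></form>'

if __name__ == "__main__":
    for name, src in [("question", QUESTION_TEMPLATE), ("fixed", FIXED_TEMPLATE),
                      ("search", SEARCH_TEMPLATE)]:
        print(name, forms_missing_csrf_token(src))
```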
