django種表單post出現CSRF verification failed( CSRF驗證失敗 ) 的兩種解決方式
現象
表單界面例如如下:html
在點擊提交以後,出現例如如下錯誤頁面:python
HTML的代碼例如如下:django
contact_form.html瀏覽器
<!DOCTYPE HTML PUBLIC >
<html>
<head>
<title>Contact us</title>
</head>
<body>
<h1>Contact us</h1>
{% if errors %}
<ul>
{% for error in errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
<form action="/contact/" method="post">
<p>Subject: <input type="text" name="subject" value="{{ subject }}"></p>
<p>Your e-mail (optional): <input type="text" name="email" value="{{ email }}"></p>
<p>Message: <textarea name="message" rows="10" cols="50">{{ message }}</textarea></p>
<input type="submit" value="Submit">
</form>
</body>
</html>
view代碼例如如下:
view.pycookie
# -*- coding: utf-8 -*-
from django.core.mail import send_mail
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
def contact(request):
errors = []
if request.method == 'POST':
if not request.POST.get('subject', ''):
errors.append('Enter a subject.')
if not request.POST.get('message', ''):
errors.append('Enter a message.')
if request.POST.get('email') and '@' not in request.POST['email']:
errors.append('Enter a valid e‐mail address.')
if not errors:
send_mail(
request.POST['subject'],
request.POST['message'],
request.POST.get('email', 'noreply@example.com'),
['siteowner@example.com'],
)
return HttpResponseRedirect('/contact/thanks/')
return render_to_response('contact_form.html', {
'errors': errors,
'subject': request.POST.get('subject', ''),
'message': request.POST.get('message', ''),
'email': request.POST.get('email', ''),
})
通常瀏覽器都是開啓了cookies的,因此在上面圖中的錯誤信息中。咱們主要關注後三點,依據提示進行更改:
解決方式一:CSRF驗證設置
1. 在 view.py 中的 render_to_response 中,使用 RequestContext 來取代默認的 Context 。session
view.pyapp
# -*- coding: utf-8 -*-
from django.core.mail import send_mail
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
def contact(request):
errors = []
if request.method == 'POST':
if not request.POST.get('subject', ''):
errors.append('Enter a subject.')
if not request.POST.get('message', ''):
errors.append('Enter a message.')
if request.POST.get('email') and '@' not in request.POST['email']:
errors.append('Enter a valid e‐mail address.')
if not errors:
send_mail(
request.POST['subject'],
request.POST['message'],
request.POST.get('email', 'noreply@example.com'),
['siteowner@example.com'],
)
return HttpResponseRedirect('/contact/thanks/')
return render_to_response('contact_form.html', {
'errors': errors,
'subject': request.POST.get('subject', ''),
'message': request.POST.get('message', ''),
'email': request.POST.get('email', ''),
},context_instance=RequestContext(request))
2. 在模板文件裏的 form 表單內加入 {% csrf_token %} 。
contact_form.html
post
<!DOCTYPE HTML PUBLIC >
<html>
<head>
<title>Contact us</title>
</head>
<body>
<h1>Contact us</h1>
{% if errors %}
<ul>
{% for error in errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
<form action="/contact/" method="post">
<br />{% csrf_token %}<br />
<p>Subject: <input type="text" name="subject" value="{{ subject }}"></p>
<p>Your e-mail (optional): <input type="text" name="email" value="{{ email }}"></p>
<p>Message: <textarea name="message" rows="10" cols="50">{{ message }}</textarea></p>
<input type="submit" value="Submit">
</form>
</body>
</html>
測試執行,成功!
PS:上文中圖片中的錯誤信息第四條,在創建djangoproject的時候 setting.py 已經本身主動加入了 'django.middleware.csrf.CsrfViewMiddleware',code
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.middleware.locale.LocaleMiddleware',
)
解決方式二:不使用 CSRF 驗證
1. 在 setting.py 文件裏刪除 'django.middleware.csrf.CsrfViewMiddleware', ,例如如下所看到的orm
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
#'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.middleware.locale.LocaleMiddleware',
)
2. 移除 form 表單中的 {% csrf_token %} 標記。例如如下所看到的:
contact_form.html
<!DOCTYPE HTML PUBLIC >
<html>
<head>
<title>Contact us</title>
</head>
<body>
<h1>Contact us</h1>
{% if errors %}
<ul>
{% for error in errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
<form action="/contact/" method="post">
<p>Subject: <input type="text" name="subject" value="{{ subject }}"></p>
<p>Your e-mail (optional): <input type="text" name="email" value="{{ email }}"></p>
<p>Message: <textarea name="message" rows="10" cols="50">{{ message }}</textarea></p>
<input type="submit" value="Submit">
</form>
</body>
</html>
3. 在 view.py 中的 render_to_response 中,不使用 RequestContext 。例如如下所看到的:
view.py
# -*- coding: utf-8 -*-
from django.core.mail import send_mail
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
def contact(request):
errors = []
if request.method == 'POST':
if not request.POST.get('subject', ''):
errors.append('Enter a subject.')
if not request.POST.get('message', ''):
errors.append('Enter a message.')
if request.POST.get('email') and '@' not in request.POST['email']:
errors.append('Enter a valid e‐mail address.')
if not errors:
send_mail(
request.POST['subject'],
request.POST['message'],
request.POST.get('email', 'noreply@example.com'),
['siteowner@example.com'],
)
return HttpResponseRedirect('/contact/thanks/')
return render_to_response('contact_form.html', {
'errors': errors,
'subject': request.POST.get('subject', ''),
'message': request.POST.get('message', ''),
'email': request.POST.get('email', ''),
}) 又一次執行,測試成功!
相關文章
- 1. Django提交POST表單「CSRF verification failed. Request aborted」問題的解決
- 2. 【Django】CSRF verification failed Request aborted
- 3. Django 表單 POST CSRF verification failed. Request aborted.錯誤
- 4. 【django】CSRF verification failed. Request aborted.
- 5. 解決Django 提交表單時403錯誤:CSRF verification failed. Request aborted .
- 6. CSRF verification failed. Request aborted.
- 7. Forbidden (403) CSRF verification failed. Request aborted. - Django
- 8. django(Forbidden (403) CSRF verification failed. Request aborted)
- 9. Django提交表單時遇到403錯誤:CSRF verification failed
- 10. Django CSRF認證的幾種解決方案
- 更多相關文章...
- • PHP 表單驗證 - PHP教程
- • Redis的兩種備份(持久化)方式:RDB和AOF - Redis教程
- • 常用的分佈式事務解決方案
- • PHP Ajax 跨域問題最佳解決方案
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 跳槽面試的幾個實用小技巧,不妨看看!
- 2. Mac實用技巧 |如何使用Mac系統中自帶的預覽工具將圖片變成黑白色?
- 3. Mac實用技巧 |如何使用Mac系統中自帶的預覽工具將圖片變成黑白色?
- 4. 如何使用Mac系統中自帶的預覽工具將圖片變成黑白色?
- 5. Mac OS非兼容Windows軟件運行解決方案——「以VMware & Microsoft Access爲例「
- 6. 封裝 pyinstaller -F -i b.ico excel.py
- 7. 數據庫作業三ER圖待完善
- 8. nvm安裝使用低版本node.js(非命令安裝)
- 9. 如何快速轉換圖片格式
- 10. 將表格內容分條轉換爲若干文檔
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. Django提交POST表單「CSRF verification failed. Request aborted」問題的解決
- 2. 【Django】CSRF verification failed Request aborted
- 3. Django 表單 POST CSRF verification failed. Request aborted.錯誤
- 4. 【django】CSRF verification failed. Request aborted.
- 5. 解決Django 提交表單時403錯誤:CSRF verification failed. Request aborted .
- 6. CSRF verification failed. Request aborted.
- 7. Forbidden (403) CSRF verification failed. Request aborted. - Django
- 8. django(Forbidden (403) CSRF verification failed. Request aborted)
- 9. Django提交表單時遇到403錯誤:CSRF verification failed
- 10. Django CSRF認證的幾種解決方案