Django: CSRF verification error
GET request:
<WSGIRequest
path:/contact,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'__utma': '96992031.1421967427.1405088230.1405685996.1405688035.8',
'__utmb': '96992031.3.10.1405688035',
'__utmc': '96992031',
'__utmz': '96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
'djdt': 'hide'},
META:{'CONTENT_LENGTH': '',
'CONTENT_TYPE': '',
u'CSRF_COOKIE': u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
'HTTP_ACCEPT': 'text/html, */*; q=0.01',
'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
'HTTP_ACCEPT_LANGUAGE': 'en-GB,en-US;q=0.8,en;q=0.6',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'djdt=hide; __utma=96992031.1421967427.1405088230.1405685996.1405688035.8; __utmb=96992031.3.10.1405688035; __utmc=96992031; __utmz=96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
'HTTP_HOST': '127.0.0.1:8000',
'HTTP_REFERER': 'http://127.0.0.1:8000/',
'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest',
'PATH_INFO': u'/contact',
'QUERY_STRING': '',
'REMOTE_ADDR': '127.0.0.1',
'REMOTE_PORT': 57435,
'REQUEST_METHOD': 'GET',
'SCRIPT_NAME': u'',
'SERVER_NAME': '127.0.0.1',
'SERVER_PORT': '8000',
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SOFTWARE': 'Werkzeug/0.9.6',
'werkzeug.request': <BaseRequest 'http://127.0.0.1:8000/contact' [GET]>,
'werkzeug.server.shutdown': <function shutdown_server at 0x25876e0>,
'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f72b9132270>,
'wsgi.input': <socket._fileobject object at 0x7f72b0132cd0>,
'wsgi.multiprocess': False,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>
POST request:
<WSGIRequest
path:/contact,
GET:<QueryDict: {}>,
POST:<QueryDict: {u'city': [u'London'], u'first_name': [u'', u'', u''], u'future-notices-name': [u''], u'email_psp': [u'm'], u'csrfmiddlewaretoken': [u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya'], u'email': [u''], u'wfax': [u'+44 (0)']}>,
COOKIES:{'__utma': '96992031.1421967427.1405088230.1405685996.1405688035.8',
'__utmb': '96992031.3.10.1405688035',
'__utmc': '96992031',
'__utmz': '96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
'csrftoken': 'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
'djdt': 'hide'},
META:{'CONTENT_LENGTH': '627',
'CONTENT_TYPE': 'application/x-www-form-urlencoded',
u'CSRF_COOKIE': u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
'HTTP_ACCEPT_LANGUAGE': 'en-GB,en-US;q=0.8,en;q=0.6',
'HTTP_CACHE_CONTROL': 'max-age=0',
'HTTP_CONNECTION': 'keep-alive',
'HTTP_COOKIE': 'djdt=hide; __utma=96992031.1421967427.1405088230.1405685996.1405688035.8; __utmb=96992031.3.10.1405688035; __utmc=96992031; __utmz=96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
'HTTP_HOST': '127.0.0.1:8000',
'HTTP_ORIGIN': 'http://127.0.0.1:8000',
'HTTP_REFERER': 'http://127.0.0.1:8000/',
'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
'PATH_INFO': u'/contact',
'QUERY_STRING': '',
'REMOTE_ADDR': '127.0.0.1',
'REMOTE_PORT': 57438,
'REQUEST_METHOD': 'POST',
'SCRIPT_NAME': u'',
'SERVER_NAME': '127.0.0.1',
'SERVER_PORT': '8000',
'SERVER_PROTOCOL': 'HTTP/1.1',
'SERVER_SOFTWARE': 'Werkzeug/0.9.6',
'werkzeug.request': <BaseRequest 'http://127.0.0.1:8000/contact' [POST]>,
'werkzeug.server.shutdown': <function shutdown_server at 0x7f72b0128aa0>,
'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f72b9132270>,
'wsgi.input': <socket._fileobject object at 0x7f72b02500d0>,
'wsgi.multiprocess': False,
'wsgi.multithread': False,
'wsgi.run_once': False,
'wsgi.url_scheme': 'http',
'wsgi.version': (1, 0)}>
views.py
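import json
from django.http import HttpResponse
from django.shortcuts import render
# ContactForm is the question's own form class; its import is not shown in the post.

def contact(request):
    if request.method == 'POST':
        form = ContactForm(request.POST)
        if form.is_valid():
            cd = form.cleaned_data  # assumed: 'cd' was undefined in the posted snippet
            return HttpResponse(json.dumps(cd))
    else:
        form = ContactForm()
    # Reached on GET and on an invalid POST: render the blank or bound form.
    return render(request, 'contact.html', {'form': form})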
The form looks like this:
<form id="notice_form" action="/contact" method="post">{% csrf_token %}
...
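I am trying to submit a form, but I get a 403 Forbidden error. After inspecting the GET and POST requests, I found that the csrftoken cookie is the same in both requests. So why does this error still occur? :(
1 answer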
0
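According to the Django documentation (since I almost never use function-based views): https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#how-to-use-it
In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:
Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting is). If you are using generic views or contrib apps, those apps use RequestContext automatically.
The problem is that you are using HttpResponse, which does not make use of RequestContext, so you either need a different solution or you exclude this view from CSRF protection (which I would not really recommend). If you are using this as an AJAX request, make sure you have implemented: https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax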
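For narrowing down which check rejects a request like the ones dumped above, here is a simplified, stdlib-only model of the double-submit comparison (csrftoken cookie against the csrfmiddlewaretoken field or the X-CSRFToken header). It is an added example, not code from the question, the answer, or Django itself; `csrf_check` is a hypothetical helper, the first two requests reuse values from the dumps, and the other three are constructed.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def csrf_check(method, cookies, post, meta):
    """Return (accepted, reason) for one request under the double-submit check."""
    if method in SAFE_METHODS:
        return True, "safe method, not checked"
    cookie_token = cookies.get("csrftoken")
    if cookie_token is None:
        return False, "CSRF cookie not set."
    # The form field is read first; AJAX clients send the header instead.
    submitted = post.get("csrfmiddlewaretoken", "") or meta.get("HTTP_X_CSRFTOKEN", "")
    # Constant-time comparison, so timing does not leak how much of the token matched.
    if not hmac.compare_digest(cookie_token.encode(), submitted.encode()):
        return False, "CSRF token missing or incorrect."
    return True, "token matches cookie"

TOKEN = "RRNKQhMUwb2blNVeLxV61A8gqTbuFXya"  # value shown in the question's dumps

REQUESTS = {
    # Taken from the dumps in the question (only the fields the check reads).
    "page GET": ("GET", {"djdt": "hide"}, {}, {"HTTP_X_REQUESTED_WITH": "XMLHttpRequest"}),
    "page POST": ("POST", {"csrftoken": TOKEN, "djdt": "hide"}, {"csrfmiddlewaretoken": TOKEN}, {}),
    # Constructed variants, not from the page.
    "POST, cookie never set": ("POST", {"djdt": "hide"}, {"csrfmiddlewaretoken": TOKEN}, {}),
    "AJAX POST, no header": ("POST", {"csrftoken": TOKEN}, {}, {"HTTP_X_REQUESTED_WITH": "XMLHttpRequest"}),
    "AJAX POST, X-CSRFToken": ("POST", {"csrftoken": TOKEN}, {}, {"HTTP_X_CSRFTOKEN": TOKEN}),
}

def run_all():
    """Evaluate every sample request and return {name: (accepted, reason)}."""
    return {name: csrf_check(*req) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for name, (ok, reason) in run_all().items():
        print("%-26s %-8s %s" % (name, "accept" if ok else "403", reason))
```

With DEBUG = True, Django's 403 page prints a reason string of the same kind, which shows which branch rejected the real request.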