我有一段时间有问题了,我觉得CSRF Cookie没有设置。请看下面的代码
def deposit(request,account_num):
if request.method == 'POST':
account = get_object_or_404(account_info,acct_number=account_num)
form_=AccountForm(request.POST or None, instance=account)
form = BalanceForm(request.POST)
info = str(account_info.objects.filter(acct_number=account_num))
inf=info.split()
if form.is_valid():
#cd=form.cleaned_data
now = datetime.datetime.now()
cmodel = form.save()
cmodel.acct_number=account_num
#RepresentsInt(cmodel.acct_number)
cmodel.bal_change="%0.2f" % float(cmodel.bal_change)
cmodel.total_balance="%0.2f" %(float(inf[1]) + float(cmodel.bal_change))
account.balance="%0.2f" % float(cmodel.total_balance)
cmodel.total_balance="%0.2f" % float(cmodel.total_balance)
#cmodel.bal_change=cmodel.bal_change
cmodel.issued=now.strftime("%m/%d/%y %I:%M:%S %p")
account.recent_change=cmodel.issued
cmodel.save()
account.save()
return HttpResponseRedirect("/history/" + account_num + "/")
else:
return render_to_response('history.html',
{'account_form': form},
context_instance=RequestContext(request))
在HTML中,下面是代码
<form action="/deposit/{{ account_num }}/" method="post">
<table>
<tr>
{{ account_form.bal_change }}
<input type="submit" value="Deposit" />
</tr>
{% csrf_token %}
</table>
</form>
我卡住了,我已经清除了cookie,使用了其他浏览器,但仍然没有设置csrf cookie。
如果您使用HTML5 Fetch API作为登录用户发出POST请求并获得
Forbidden (CSRF cookie not set.)
,可能是因为默认情况下fetch
不包含会话cookie,导致Django认为您与加载页面的用户不同。您可以通过传递选项
credentials: 'include'
来获取会话令牌:如果设置了
CSRF_COOKIE_SECURE = True
,并且您正在非安全地访问站点,或者如果CSRF_COOKIE_HTTPONLY = True
设置为所述的here和here,则也会发生这种情况相关问题 更多 >
编程相关推荐