Django CSRF饼干

2024-06-16 09:47:50 发布

您现在位置:Python中文网/ 问答频道 /正文
554 3

我有一段时间有问题了,我觉得CSRF Cookie没有设置。请看下面的代码

Python

def deposit(request,account_num):
if request.method == 'POST':
    account = get_object_or_404(account_info,acct_number=account_num)
    form_=AccountForm(request.POST or None, instance=account)
    form = BalanceForm(request.POST)
    info = str(account_info.objects.filter(acct_number=account_num))
    inf=info.split()
    if form.is_valid():
    #cd=form.cleaned_data
        now = datetime.datetime.now()
        cmodel = form.save()
        cmodel.acct_number=account_num
        #RepresentsInt(cmodel.acct_number)
        cmodel.bal_change="%0.2f" % float(cmodel.bal_change)
        cmodel.total_balance="%0.2f" %(float(inf[1]) + float(cmodel.bal_change))
        account.balance="%0.2f" % float(cmodel.total_balance)
        cmodel.total_balance="%0.2f" % float(cmodel.total_balance)
        #cmodel.bal_change=cmodel.bal_change
        cmodel.issued=now.strftime("%m/%d/%y %I:%M:%S %p")
        account.recent_change=cmodel.issued
        cmodel.save()
        account.save()
        return HttpResponseRedirect("/history/" + account_num + "/")
    else:
        return render_to_response('history.html',
                          {'account_form': form},
                          context_instance=RequestContext(request))

在HTML中,下面是代码

HTML格式

<form action="/deposit/{{ account_num }}/" method="post">

<table>
<tr>
{{ account_form.bal_change }}
&nbsp;
<input type="submit" value="Deposit" />
</tr>
{% csrf_token %}
</table>
</form>

我卡住了,我已经清除了cookie,使用了其他浏览器,但仍然没有设置csrf cookie。


Tags: forminfonumberrequestaccountfloatchangepost
3条回答
网友
1楼 · 编辑于 2024-06-16 09:47:50

如果您使用HTML5 Fetch API作为登录用户发出POST请求并获得Forbidden (CSRF cookie not set.),可能是因为默认情况下fetch不包含会话cookie,导致Django认为您与加载页面的用户不同。

您可以通过传递选项credentials: 'include'来获取会话令牌:

var csrftoken = getCookie('csrftoken');
var headers = new Headers();
headers.append('X-CSRFToken', csrftoken);
fetch('/api/upload', {
    method: 'POST',
    body: payload,
    headers: headers,
    credentials: 'include'
})
网友
2楼 · 编辑于 2024-06-16 09:47:50
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt 
def your_view(request):
    if request.method == "POST":
        # do something
return HttpResponse("Your response")
网友
3楼 · 编辑于 2024-06-16 09:47:50

如果设置了CSRF_COOKIE_SECURE = True,并且您正在非安全地访问站点,或者如果CSRF_COOKIE_HTTPONLY = True设置为所述的herehere,则也会发生这种情况

相关问题 更多 >

    编程相关推荐