CSRF cookie未设置Django…验证失败

2024-04-29 09:31:17 发布

您现在位置:Python中文网/ 问答频道 /正文
484 3

AoA公司 我是Django的新手,我试图从POST获取数据,但是没有设置错误CSRF cookie,我试图通过google在google和stackoverflow上找到解决方案,但是失败了

这是密码

视图.py

    from django.http import HttpResponse
    from django.template.loader import get_template
    from django.template import Context
    from django.template import RequestContext
    from django.core.context_processors import csrf
    from django.shortcuts import render_to_response

def search_Post(request):
    if request.method == 'POST':
            c = {}
        c.update(csrf(request))
        # ... view code here
                return render_to_response("search.html", c)

def search_Page(request):
    name='Awais you have visited my website :P'
    t = get_template('search.html')
    html = t.render(Context({'name':name}))
    return HttpResponse(html)

HTML文件

<p>
          {{ name }}
            <form method="POST" action="/save/">
              {% csrf_token %}
              <textarea name="content" rows="20" cols="60">{{content}}</textarea><br>
              <input type="submit" value="Save Page"/>
            </form>
       <div>  Cant figure out any solution! :( </div>

 </p>

网址.py

 url(r'^home/$', 'contacts.views.home_Page'),
 url(r'^save/$', 'contacts.views.search_Post'),
 url(r'^edit/$', 'contacts.views.edit_Page'),
 url(r'^search/$', 'contacts.views.search_Page'),

设置.py

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.core.context_processors.csrf',
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
    'django.core.context_processors.i18n',
    'django.core.context_processors.media',
    'django.core.context_processors.static',
    'django.core.context_processors.request',
    'django.contrib.messages.context_processors.messages'
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

Tags: djangonamefromcoreimportsearchrequesthtml
3条回答
网友
1楼 · 编辑于 2024-04-29 09:31:17

从修复HTML开始(您忘记了=):

<form method="POST" action="/search/save">
{% csrf_token %}
<textarea name="content" rows="20" cols="60">{{content}}</textarea><br>
<input type="submit" value="Save Page"/>
</form>

另外:

def home_Page(request):
    #if request.method == 'GET':
    name='Awais you have visited my website :P'
    if request.method == 'POST':
        #name = request.POST.get('content')
        return render_to_response("search.html", {}, context_instance=RequestContext(request))

    return render_to_response("home.html", {'name':name}, context_instance=RequestContext(request))
网友
2楼 · 编辑于 2024-04-29 09:31:17

您使用这两种方法将CSRF令牌传递给模板处理器

c = {}
c.update(csrf(request))

请求上下文,只要一个就足够了,see docs。但你用错了地方,因为你是在满足“邮政”的要求。当浏览器填写表单并希望获得结果时,通常会发送这些请求。

浏览器呈现home.html,向服务器发送GET请求,服务器由

t = get_template('home.html')
html = t.render(ResponseContext({'name':name}))
return HttpResponse(html)

你的代码的一部分。在那里,你不能使用任何手段传递csrf令牌。因此,当调用模板处理器get_template().render()时,is的上下文中没有标记,因此只需忽略模板中的{%csrf_token%}代码。因此,您要么在t.render(…)视图中使用RequestContext,要么将cdict传递给您。

您可以在浏览器窗口中检查生成的表单。

更新

seetings.py中,在'django.core.context_processors.csrf'之后添加一个逗号,现在的方式是,它只是连接字符串。

应该是:

TEMPLATE_CONTEXT_PROCESSORS = (
    'django.core.context_processors.csrf',
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',
网友
3楼 · 编辑于 2024-04-29 09:31:17

我也遇到了同样的问题,通过将ensure_csrf_cookie decorator添加到您的视图中解决了这个问题:

 from django.views.decorators.csrf import ensure_csrf_cookie
 @ensure_csrf_cookie
 def yourView(request):
     #...

它将在浏览器cookie中设置csrftoken,您可以这样制作ajax

function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie != '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = jQuery.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) == (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
    crossDomain: false, // obviates need for sameOrigin test
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type)) {
            xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
        }
    }
});
$.ajax({
        url: url,
        type: type,
        async: async,
        data: data,
        error: function (e) {},
        success: function (data) {
                returnFunction(data);
            }
    });

相关问题 更多 >

    编程相关推荐