CSRF error (403) when the page is refreshed after login, Django?
So, the code is simple:
views.py
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
from django.shortcuts import render
from django.views.decorators.csrf import csrf_protect

from .form import Userform
from .models import Profile  # assumed location of the Profile model

# CheckUser, userPersonalInformation and progress are defined elsewhere in the project.


@csrf_protect
def index(request):
    global userPersonalInformation
    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            # Known user: log in and render the profile as the POST response.
            login(request, user)
            profile = Profile.objects.get(username=username)
            return render(request, 'main/profile.html', {"profile": profile})
        else:
            if CheckUser(username, password):
                # Valid on the external site: create the local User and Profile.
                user = User.objects.create_user(request.POST['username'], userPersonalInformation['email'], request.POST['password'])
                user.save()
                profile = Profile.objects.create(
                    username=username, school=userPersonalInformation['school'],
                    img=userPersonalInformation['img'], birthyear=userPersonalInformation['birthyear'],
                    city=userPersonalInformation['city'], solved=progress['denominator'])
                profile.save()
                login(request, user)
                return render(request, 'main/profile.html', {"profile": profile})
            else:
                context = {"form": Userform(request.POST or None), }
                return render(request, 'main/login.html', context)
    else:
        form = Userform()
        context = {"form": form, }
        return render(request, 'main/login.html', context)
profile.html
{% block title %}Profile | {{ user.first_name }}
This correctly shows "Profile | user name" in the title bar, i.e. the user is logged in.
settings.py
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
main/urls.py
from django.conf.urls import url
from . import views
app_name = 'main'
urlpatterns = [
    url(r'^$', views.index, name='index'),
]
login.html
{% extends "main/base.html" %}
{% block title %}Sign in{% endblock %}
{% block body %}
<div class="container">
<form method="post" action="" class="form-signin">
<h2 class="form-signin-heading">Please sign in</h2>
{% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">Sign in</button>
</form>
</div>
{% endblock %}
form.py
from django import forms
from django.contrib.auth.models import User


class Userform(forms.Form):
    class Meta:
        model = User
        fields = ('username', 'password')

    username = forms.CharField()
    password = forms.CharField(widget=forms.PasswordInput())
CheckUser
def CheckUser(username, password):
    return True
The problem now is that when I click Sign in, my profile page shows all the information. But when I refresh the page, I get this error:
Forbidden (403)
CSRF verification failed. Request aborted.
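Please help me. Profile is another table in the database that holds the user's content. The primary key of both User and Profile is the username. The function CheckUser checks whether the user is a valid user of another website that I am crawling. If he is, we save his details to our database; userPersonalInformation is a global dictionary.
Django version 1.10
But how would I pass this 'profile' in the redirect function? –
You just need to pass the "url" or "url_name" of the profile view to the profile function. – v1k45
Check the updated answer. – v1k45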
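
Why the refresh fails, and why the redirect mentioned in the comments avoids it, shown as an added example that is not part of the original thread: Django's login() rotates the CSRF token, and refreshing a page that was rendered as the response to a POST replays that POST with the old form token. This is a simplified standard-library model rather than Django code; Server, Browser and login_then_refresh are hypothetical names, and the credentials are constructed.

```python
import hmac
import secrets


class Server:
    """Toy model of Django's CSRF check plus the token rotation done by login()."""
    def __init__(self, redirect_after_login):
        self.redirect_after_login = redirect_after_login

    def handle(self, method, path, cookies, form):
        if method == "POST":
            # CsrfViewMiddleware: the form token must match the cookie token.
            sent = form.get("csrfmiddlewaretoken", "")
            expected = cookies.get("csrftoken", "")
            if not expected or not hmac.compare_digest(sent, expected):
                return 403, {}
            cookies["csrftoken"] = secrets.token_hex(16)  # login() rotates the token
            if self.redirect_after_login:
                return 302, {"location": "/profile/"}
            return 200, {}  # profile rendered directly as the POST response
        if path == "/":  # GET of the login form: issue the token in cookie and form
            cookies.setdefault("csrftoken", secrets.token_hex(16))
            return 200, {"csrfmiddlewaretoken": cookies["csrftoken"]}
        return 200, {}  # GET /profile/


class Browser:
    def __init__(self, server):
        self.server, self.cookies, self.last = server, {}, None

    def request(self, method, path, form=None):
        status, data = self.server.handle(method, path, self.cookies, form or {})
        if status == 302:  # follow the redirect with a GET
            return self.request("GET", data["location"])
        self.last = (method, path, form)
        return status, data

    def refresh(self):
        return self.request(*self.last)  # F5 replays the last request, POST body included


def login_then_refresh(redirect_after_login):
    browser = Browser(Server(redirect_after_login))
    _, page = browser.request("GET", "/")
    form = {"username": "alice", "password": "constructed", **page}
    first, _ = browser.request("POST", "/", form)
    second, _ = browser.refresh()
    return first, second
```

In the Django view this corresponds to returning `redirect(...)` to a separate profile view after `login()` instead of `render(...)`, so that the page being refreshed is a GET.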