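I am just building a simple HTML form with the POST method, and unfortunately I got a CSRF verification error. Do we need CSRF verification for every POST request?
This is just a simple HTML form using the POST method on localhost. Nothing cross-site is involved. I can certainly fix it by using csrf_token, but I still don't understand why Django is asking me for it..
There are no redirects/iframes involved here...
So, why is this happening? Is this normal?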
# Also tried using RequestContext(request) but there isn't any change in the error
#settings.py
'django.middleware.csrf.CsrfViewMiddleware' in MIDDLEWARE_CLASSES
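#views.py
# url for home page is "" i.e, http://127.0.0.1:8000/
from django.shortcuts import render_to_response
# myForm is the class from forms.py below; choices is defined elsewhere (not shown)

def HomePage(request):
    if request.method == "POST":
        # my_choices is the first positional argument, so the POST data goes second
        form = myForm(choices, request.POST)
        if form.is_valid():
            data = form.cleaned_data
            context = {"myForm": myForm(choices),
                       "values": data,
                       }
        else:
            # invalid submission: show the bound form again with its errors
            context = {"myForm": form}
        return render_to_response("home.html", context)
    else:
        form = myForm(choices)
        context = {"myForm": form}
        return render_to_response("home.html", context)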
# home.html
<div id="pingmeeForm">
    <form action="" method="post">
        <table>
            {{myForm.as_table}}
        </table>
        <input name="enter" type="submit" value="enter"/>
    </form>
    {{values}}
</div>
# forms.py
from django import forms

class myForm(forms.Form):
    def __init__(self, my_choices, *args, **kwargs):
        super(myForm, self).__init__(*args, **kwargs)
        # the choice field is added per instance because its choices vary
        self.fields['Friends'] = forms.ChoiceField(choices=my_choices)

    message = forms.CharField()
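If you have 'django.middleware.csrf.CsrfViewMiddleware' in the middleware in 'settings.py', then it checks every 'POST' request. If you really don't want the _CSRF_ feature, you can remove it, but that is not recommended. Alternatively, use "{% csrf_token %}" in the template or "csrf_exempt" on the view. – Rohan 2012-08-09 12:50:28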
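Why the form above is rejected even on localhost, as an added example that is not part of the original thread and not Django's source: a simplified standard-library model of the decision the CSRF middleware makes, which depends only on the request method and on whether the submitted `csrfmiddlewaretoken` field matches the `csrftoken` cookie, never on where the request came from. The helper names and sample forms are constructed for illustration.

```python
import hmac
import secrets
from html.parser import HTMLParser

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # never token-checked

class FormFields(HTMLParser):
    """Collect the name/value pairs a browser would submit from <input> tags."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and "name" in attrs:
            self.fields[attrs["name"]] = attrs.get("value", "")

def submitted_fields(form_html):
    parser = FormFields()
    parser.feed(form_html)
    return parser.fields

def csrf_check(method, cookies, post, exempt=False):
    """Simplified model of the middleware decision; returns an HTTP status."""
    if method in SAFE_METHODS or exempt:
        return 200
    cookie_token = cookies.get("csrftoken", "")
    form_token = post.get("csrfmiddlewaretoken", "")
    # Reject when either side is missing or the two values differ.
    if not cookie_token or not hmac.compare_digest(cookie_token, form_token):
        return 403
    return 200

# Constructed sample data: a token as the server would set it in the cookie.
TOKEN = secrets.token_hex(16)
COOKIES = {"csrftoken": TOKEN}
# The form as home.html renders it in the question: no token field.
FORM_WITHOUT_TOKEN = '<form action="" method="post"><input name="message" value="hi"/></form>'
# The same form once {% csrf_token %} is placed inside the <form> element.
FORM_WITH_TOKEN = (
    '<form action="" method="post">'
    '<input type="hidden" name="csrfmiddlewaretoken" value="%s"/>'
    '<input name="message" value="hi"/></form>' % TOKEN
)
```

For the tag to render a token in the question's view, the template also needs a request-aware context, which is what `RequestContext(request)` provides.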