1. 首页
  2. 问答
  3. Django中的跨站请求伪造问题

Django中的跨站请求伪造问题

2014-05-08 39 views
0

我在尝试在django中实现csrf时遇到此错误。 禁止(403) CSRF验证失败。请求中止。 帮助 给出失败的原因: CSRF令牌丢失或不正确。 (和唧唧歪歪) 我Views.py显示如下:Django中的跨站请求伪造问题

from django.shortcuts import render_to_response 
from django.http import HttpResponseRedirect 
from django.contrib import auth 
from django.core.context_processors import csrf 
from django.contrib.auth.forms import UserCreationForm 

def login(request): 
    c = {} 
    c.update(csrf(request)) 
    return render_to_response('login.html', c) 
def auth_view(request): 
    username = request.POST.get('username', '') 
    password = request.POST.get('password', '') 
    user = auth.authenticate(username=username, password=password) 
    if user is not None: 
     auth.login(request, user) 
     return HttpResponseRedirect('/accounts/loggedin') 
    else: 
     return HttpResponseRedirect('/accounts/invalid') 
def loggedin(request): 
    return render_to_response('loggedin.html',{'full_name':request.user.username}) 
def invalid_login(request): 
    return render_to_response('invalid_login.html') 
def logout(request): 
    auth.logout(request) 
    return render_to_response('logout.html') 
def register_user(request): 
    if request.method == 'POST': 
     form = UserCreationForm(request.POST) 
     if form.is_valid(): 
      form.save() 
      return HttpResponseRedirect('/accounts/register_success') 
    args ={} 
    args.update(csrf(request)) 
    args['form'] = UserCreationForm() 
    return render_to_response('register.html') 
def register_success(request): 
    return render_to_response('register_success.html')

我register.html反映了以下几点:

{% extends 'base.html' %} 

{% block content %} 

    <h2>Register</h2> 
    <form action="/accounts/register/" method="post">{% csrf_token %} 
    {{ form }} 
    <input type="submit" value="Register"/> 
    </form> 

{% endblock %}

在urls.py:

from django.conf.urls import patterns, include, url 

from django.contrib import admin 
admin.autodiscover() 

urlpatterns = patterns('', 
    (r'^articles/', include('article.urls')), 

    url(r'^admin/', include(admin.site.urls)), 
    url(r'^accounts/login/$', 'django_test.views.login'), 
    url(r'^accounts/auth/$', 'django_test.views.auth_view'), 
    url(r'^accounts/logout/$', 'django_test.views.logout'), 
    url(r'^accounts/loggedin/$', 'django_test.views.loggedin'), 
    url(r'^accounts/invalid/$', 'django_test.views.invalid_login'), 
    url(r'^accounts/register/$', 'django_test.views.register_user'), 
    url(r'^accounts/register_success/$', 'django_test.views.register_success'), 
)

请指教。我在浏览器中启用了Cookie。

来源

2014-05-08 user3114321

+0

是否在您的模板中呈现{%csrf_token%}? – Jingo

+0

是的......我也复制了模板代码。 – user3114321

回答

0

这可能不是最好的做法,但你可以添加:

@csrf_exempt

正上方的view.py文件的功能。

见例如Django的休息框架教程: Writing regular Django views

来源

2014-05-08 13:41:22

+0

它没有奏效,现在它说@csrf_exempt没有被定义。 – user3114321

+0

'from django.views.decorators.csrf import csrf_exempt' – irvanjit

+0

导入csrf_exempt并将@csrf_exempt放在csrf函数之上时出现同样的错误。 – user3114321

1

在register.html需要内<form> </form>这样添加CSRF令牌:{% csrf_token %},希望这将解决这个问题。

来源

2014-05-08 16:13:12 ruddra

相关问题

 相关问题