Django CSRF框架有很多失败 [英] Django CSRF Framework having many failures
问题描述
我从我网站上的CSRF Django中间件(SVN trunk的版本)中获得了许多失败。我获得的唯一错误是:CSRF失败:reason = CSRF令牌丢失或不正确。
I'm getting many failures from the CSRF Django middleware on my site (the version from SVN trunk.) The only errors I get are: CSRF failure: reason=CSRF token missing or incorrect.
我如何诊断这些CSRF错误来自哪里?我不能自己造成CSRF错误,但是,当CSRF错误视图被触发时,我设置网站给我发电子邮件,所以我知道这是经常发生的。
How could I diagnose where these CSRF errors are coming from? I can't cause the CSRF errors myself, but I setup the site to email me whenever the CSRF error view is triggered so I know that it is happening often.
推荐答案
我真的很努力地做到这一点,但最终却是这样。这是我的主要问题(Django 1.2 beta):
I really struggled to get it right, but eventually did. Here were my main issues (Django 1.2 beta):
- 根据Django的版本,确保您的中间件是正确的使用。在Django的在线文献中很好地涵盖了这一点。
- 确保您在每个表单中都有{%csrf_token%},只需按照表单的开始标签
- 这是我的主要问题,请确保所有表单都有一个转到页面,即不要以您的形式执行action =。
-
确保您的设置电子邮件都是正确的。我不得不这样做:
- Make sure your middleware stuff is right, according to the version of Django that you are using. This is well covered in Django's literature online.
- Make sure that you have the {% csrf_token %} in each form,just following the opening tag for the form
- This was my main problem, make sure that all your forms have an go-to page, i.e. don't do action="" in your form.
Make sure that your settings emails are all the right ones. I had to do something like this:
EMAIL_HOST ='mail.my-domain.com'
EMAIL_HOST_USER ='我的服务器上的用户名'
EMAIL_HOST_PASSWORD ='passwd'
EMAIL_PORT ='26'#在许多论坛帖子中,我经常看到25或26,我在托管域上看到
DEFAULT_FROM_EMAIL =noreply@domain.com确保设置并发送
SERVER_EMAIL ='noreply@domain.com'#与上述相同的电子邮件
EMAIL_HOST='mail.my-domain.com' EMAIL_HOST_USER='my user name on the server' EMAIL_HOST_PASSWORD='passwd' EMAIL_PORT= '26' # often seems to be 25 or 26 on many of the forum posts I read DEFAULT_FROM_EMAIL='noreply@domain.com' # on hosted domains, make sure it is set up and sending SERVER_EMAIL = 'noreply@domain.com' # Same email as above
- 将request_context添加到render_to_response的结尾
return render_to_response('contact.htm',{'favicon':r '____。ico',
'more_stuff':......
'more_stuff':......
'more_stuff':... ...
},
context_instance = RequestContext(request))
return render_to_response('contact.htm',{'favicon':r'____.ico', 'more_stuff':"......" 'more_stuff':"......" 'more_stuff':"......" }, context_instance = RequestContext(request))
确保你有:
TEMPLATE_CONTEXT_PROCESSORS = (
"django.contrib.auth.context_processors.csrf",
.....
)
在您的settings.py文件中。
in your settings.py file.
请注意,这真的不是一个怎么办,这只是我做了让我的工作。现在发布的原因是,我在论坛上看到这么多人讨论这个话题,只是关闭csrf_token。
Note that this is really not a how to, this is just what I did to get mine working. The reason for posting it now is that I see so many people on forums discussing this topic resort to just turning the csrf_token off.
这篇关于Django CSRF框架有很多失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!