Django CSRF框架有很多失败 [英] Django CSRF Framework having many failures

问题描述

我从我网站上的CSRF Django中间件（SVN trunk的版本）中获得了许多失败。我获得的唯一错误是：CSRF失败：reason = CSRF令牌丢失或不正确。

I'm getting many failures from the CSRF Django middleware on my site (the version from SVN trunk.) The only errors I get are: CSRF failure: reason=CSRF token missing or incorrect.

我如何诊断这些CSRF错误来自哪里？我不能自己造成CSRF错误，但是，当CSRF错误视图被触发时，我设置网站给我发电子邮件，所以我知道这是经常发生的。

How could I diagnose where these CSRF errors are coming from? I can't cause the CSRF errors myself, but I setup the site to email me whenever the CSRF error view is triggered so I know that it is happening often.

推荐答案

我真的很努力地做到这一点，但最终却是这样。这是我的主要问题（Django 1.2 beta）：

I really struggled to get it right, but eventually did. Here were my main issues (Django 1.2 beta):

1. 根据Django的版本，确保您的中间件是正确的使用。在Django的在线文献中很好地涵盖了这一点。


2. 确保您在每个表单中都有{％csrf_token％}，只需按照表单的开始标签


3. 这是我的主要问题，请确保所有表单都有一个转到页面，即不要以您的形式执行action =。



4. 确保您的设置电子邮件都是正确的。我不得不这样做：

1. Make sure your middleware stuff is right, according to the version of Django that you are using. This is well covered in Django's literature online.
2. Make sure that you have the {% csrf_token %} in each form,just following the opening tag for the form
3. This was my main problem, make sure that all your forms have an go-to page, i.e. don't do action="" in your form.

4. Make sure that your settings emails are all the right ones. I had to do something like this:

EMAIL_HOST ='mail.my-domain.com'
EMAIL_HOST_USER ='我的服务器上的用户名'
EMAIL_HOST_PASSWORD ='passwd'
EMAIL_PORT ='26'＃在许多论坛帖子中，我经常看到25或26，我在托管域上看到
DEFAULT_FROM_EMAIL =noreply@domain.com确保设置并发送
SERVER_EMAIL ='noreply@domain.com'＃与上述相同的电子邮件

EMAIL_HOST='mail.my-domain.com' EMAIL_HOST_USER='my user name on the server' EMAIL_HOST_PASSWORD='passwd' EMAIL_PORT= '26' # often seems to be 25 or 26 on many of the forum posts I read DEFAULT_FROM_EMAIL='noreply@domain.com' # on hosted domains, make sure it is set up and sending SERVER_EMAIL = 'noreply@domain.com' # Same email as above

1. 将request_context添加到render_to_response的结尾

return render_to_response（'contact.htm'，{'favicon'：r '____。ico'，
'more_stuff'：......
'more_stuff'：......
'more_stuff'：... ...
}，
context_instance = RequestContext（request））

return render_to_response('contact.htm',{'favicon':r'____.ico', 'more_stuff':"......" 'more_stuff':"......" 'more_stuff':"......" }, context_instance = RequestContext(request))

确保你有：

TEMPLATE_CONTEXT_PROCESSORS = (
     "django.contrib.auth.context_processors.csrf",
     .....
   )

在您的settings.py文件中。

in your settings.py file.

请注意，这真的不是一个怎么办，这只是我做了让我的工作。现在发布的原因是，我在论坛上看到这么多人讨论这个话题，只是关闭csrf_token。

Note that this is really not a how to, this is just what I did to get mine working. The reason for posting it now is that I see so many people on forums discussing this topic resort to just turning the csrf_token off.

这篇关于Django CSRF框架有很多失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！