python-requests和django-CSRF验证失败。请求中止 [英] python-requests and django - CSRF verification failed. Request aborted

问题描述

我有一个django服务器来上传文件，当我使用浏览器时，我可以毫无问题地上传文件。

I have a django server to upload files and when I use a browser, I can upload the file without problems.

但是如果我使用python-requests命令，它告诉我CSRF验证失败。请求中止。 python-requests代码如下：

But if I use the python-requests commands, it tells me CSRF verification failed. Request aborted. The python-requests code is as followed:

    #upload via HTTP
    file = {"docfile": open(fullfilename, "rb")}
    s = requests.Session()
    r = s.get(dhost)
    r = s.post(dhost, files=file)

如果我执行我的代码，则会得到代码403，并且错误CSRF验证失败。请求中止。给出失败原因：CSRF令牌丢失或不正确。

If I execute my code, I get the code 403 and the error CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect.

但是，如果我查看发送的标头，则会设置cookie：

But if I look in the header I sent, I have the cookie set:

CaseInsensitiveDict({'Content-Length': u'84169', 
'Accept-Encoding': 'gzip, deflate, compress', 
'Accept': '*/*', 
'User-Agent': 'python-requests/2.0.1 CPython/2.7.3 Linux/3.6.11+', 
'Cookie': 'csrftoken=GOOIsG89i5oMCJO6594algTXooxoUeoL', 
'Content-Type': 'multipart/form-data; boundary=86ada00b4f6c41d5997293cce7a53b6b'})

能否请您告诉我该如何工作？

Could you please tell me what I should do in order to have this to work?

谢谢，

John。

推荐答案

实际上一切正常，您只需要了解csrf的工作原理即可。当您在浏览器中加载页面时，您会在 {％csrf_token％} 中获得一个csrf令牌，因此，当您将数据发送到服务器时，您也会同时发送csrf

It's actually all working fine, you just have to understand how csrf works. When you load the page in your browser, you get a csrf token inside {% csrf_token %}, So when you send the data to the server, you also send along the csrf token.

使用请求时，您会在 get部分中获取cookie，但不会将其与 post一起发送。如果没有它，您将发送一个根本没有令牌的发帖请求，这意味着CSRF验证错误。要解决它，请尝试以下代码：

When you use requests, you're getting the cookie in the 'get' part, but you're not sending it along with your 'post'. without it, you're just sending a post request with no token at all, which means a CSRF verification error. To solve it, try this code:

file = {"docfile": open(fullfilename, "rb")}
s = requests.Session()
r1 = s.get(dhost)
csrf_token = r1.cookies['csrftoken']
r2 = s.post(dhost, files=file, data={'csrfmiddlewaretoken': csrf_token}, headers=dict(Referer=dhost))

如果仅供您自己使用，您可以使用csrf_exampt在该视图上禁用csrf：

If this is just for your own usage, you can disable csrf on that view using csrf_exampt:

@csrf_exempt
def my_view(request):
   ...whateva...

但是请注意，这不是如果您打算启动服务器并向公众开放，则为推荐的解决方案

But note that this isn't a recommended solution if you plan to launch your server and open it to the public

这篇关于python-requests和django-CSRF验证失败。请求中止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！