Django - CSRF令牌丢失或不正确 [英] Django - CSRF token missing or incorrect
问题描述
禁止(403)
CSRF验证失败。请求中止。
失败的原因:
CSRF令牌丢失或不正确。
在我的settings.py(MIDDLEWARE_CLASSES)我不得不删除以下行,因为它现在已经不推荐了:
'django.middleware.csrf.CsrfResponseMiddleware',
而不是我开始收到此错误。
一些必要的信息:
Urls.py
url(r'^ login / $ ','django.contrib.auth.views.login',{'template_name':'registration / login.html'},name ='login')
MIDDLEWARE_CLASSES =(
'django.middleware.gzip.GZipMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib。 auth.middleware.AuthenticationMiddleware ,
'django.contrib.messages.middleware.MessageMiddleware',
#'django.middleware.csrf.CsrfResponseMiddleware',
'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
)
login.html
{%extendsbase.html%}
{%block title%}登录{%endblock%}
{%block content%}
< div id =text>
< table>
< form action =method =post>
{%csrf_token%}
< tr>
< td>< label for =username> Email:< / label>< / td>
< td>< input type =textname =usernamevalue =id =username>< / td>
< / tr>
< tr>
< td>< label for =password>密码:< / label>< / td>
< td>< input type =passwordname =passwordvalue =id =password>< / td>
< / tr>
< tr>
< td>< input type =submitvalue =Login/>
{%if next%}
< input type =hiddenname =nextvalue ={{next}}>< / td>
{%else%}
< input type =hiddenname =nextvalue =//>< / td>
{%endif%}
< / tr>
< / form>
< / table>
{%if form.errors%}
< p class =error>用户或密码不正确< / p>
{%endif%}
< / div>
{%endblock%}
有没有人知道如何解决这个问题? >
代码看起来不错,Django 1.3和1.4 auth.views.login正确使用RequestContext。请检查:
- 首先清除浏览器的数据,然后重试
- 提交的csrfmiddlewaretoken有什么价值?
- 您是否导入正确的Django?
- 只需确保控制台中是否有UserWarning,如:A {%csrf_token%}一个模板,但上下文没有提供值,这通常是由于不使用RequestContext引起的。
I just updated my django to 1.4. But I am getting the following error when I try to submit my login form:
Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect.
In my settings.py (MIDDLEWARE_CLASSES) I had to remove the following line because its now deprecated:
'django.middleware.csrf.CsrfResponseMiddleware',
And than I started to to get this error.
Some necessary information: Urls.py
url(r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'registration/login.html'}, name='login')
MIDDLEWARE_CLASSES = (
'django.middleware.gzip.GZipMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# 'django.middleware.csrf.CsrfResponseMiddleware',
'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
)
login.html
{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}
<div id="text">
<table>
<form action="" method="post">
{% csrf_token %}
<tr>
<td><label for="username">Email:</label></td>
<td><input type="text" name="username" value="" id="username"></td>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input type="password" name="password" value="" id="password"></td>
</tr>
<tr>
<td><input type="submit" value="Login" />
{% if next %}
<input type="hidden" name="next" value="{{ next }}" /></td>
{% else %}
<input type="hidden" name="next" value="/" /></td>
{% endif %}
</tr>
</form>
</table>
{% if form.errors %}
<p class="error">User or password incorrect</p>
{% endif %}
</div>
{% endblock %}
Does anyone knows how to solve this problem?
The code looks fine, Django 1.3 and 1.4 auth.views.login uses RequestContext correctly. Please check:
- Firstly clear data of browser and try again
- What's the value of submitted csrfmiddlewaretoken
- Do you import correct Django?
- Just make sure, is there UserWarning in console like?: "A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext."
这篇关于Django - CSRF令牌丢失或不正确的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!