django admin登录突然要求csrf令牌 [英] django admin login suddenly demanding csrf token

问题描述

几分钟前我正好登录到我的django管理控制台。在超级用户登录时，我必须改变导致此错误的地方：

I was logging into my django admin console easily a few minutes ago. I must have changed something somewhere that caused this error when logging in as superuser:

禁止（403）
CSRF验证失败。请求已中止。

Forbidden (403) CSRF verification failed. Request aborted.

这个错误使我无法防范，因为我正在整夜登录。为什么我突然需要一个csrf令牌来管理登录？你会认为登录表单已经有了。这是我的admin.py：

This error caught me off guard as I was logging in all night. Why would I suddenly need a csrf token for admin login? You would think the sign in form already has that. This is my admin.py:

from django.contrib import admin
from accounts.models import Image, Category, UserProfile

class ImageAdmin(admin.ModelAdmin):
    list_display    = ["__unicode__", "title", "created"]

admin.site.register(Image, GenericImageAdmin)

class CategoryAdmin(admin.ModelAdmin):
    list_display    = ["category"]

admin.site.register(Category, CategoryAdmin)

admin.site.register(UserProfile)

推荐答案

管理员登录通常需要一个csrf令牌，但通常都会照顾你。

Admin login normally does require a csrf token, but that's normally all taken care of you.

1. 检查浏览器的cookies以查看如果有一个csrf令牌存在


2. 尝试清除Cookie并刷新


3. 检查以确保您有django.middleware.csrf.CsrfViewMiddleware您的中间件


4. 检查您是否位于 https 或您有 CSRF_COOKIE_SECURE = False （这是默认设置），否则您的csrf cookie存在但不会发送。在更改 CSRF_COOKIE_SECURE 之后清除您的Cookie。

1. Check your browser's cookies to see if there is a csrf token present
2. Try clearing cookies and refreshing
3. Check to make sure you have 'django.middleware.csrf.CsrfViewMiddleware' in your middleware
4. Check that you're either on https or you have CSRF_COOKIE_SECURE=False (which is the default) in settings, otherwise your csrf cookie exists but won't be sent. Purge your cookies after changing CSRF_COOKIE_SECURE.

这篇关于django admin登录突然要求csrf令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！