如何在direct_to_template上免除CSRF保护 [英] How to exempt CSRF Protection on direct_to_template
问题描述
由于某些奇怪的原因,其他服务器发送POST请求,因此用户看到一个CSRF令牌丢失错误,因为其他服务器没有发回任何CSRF令牌。
如何从CSRF令牌中免除direct_to_template视图?
您可以使用 csrf_exempt
装饰器,以禁用特定视图的CSRF保护。
说出你的url模式是:
('^ my_page / $',direct_to_template,{'template':'my_page.html'}
将以下导入添加到您的 urls.py
中:
from django.views.decorators.csrf import csrf_exempt
然后将url模式更改为:
('^ my_page / $',csrf_exempt(direct_to_templ ate),{'template':'my_page.html'}
I have a flow in my django application in which I redirect the user to another service (e.g. PayPal) which after some its own processing, returns the user back on my own server. The returning point on my server is a simple HTML success page which I render using direct_to_template.
For some odd reasons, the other server sends a POST request and hence the user sees a CSRF token missing error as the other server doesn't send back any CSRF token.
How do I exempt a direct_to_template view from CSRF tokens?
You can use the csrf_exempt
decorator to disable CSRF protection for a particular view.
Say your url pattern is:
('^my_page/$', direct_to_template, {'template': 'my_page.html'})
Add the following import to your urls.py
:
from django.views.decorators.csrf import csrf_exempt
Then change the url pattern to:
('^my_page/$', csrf_exempt(direct_to_template), {'template': 'my_page.html'})
这篇关于如何在direct_to_template上免除CSRF保护的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!