Django返回403错误 - “CSRF cookie not set” [英] Django returning 403 Error -- "CSRF cookie not set"
问题描述
我收到了405错误,特别是说 CSRF验证失败。请求中止。 CSRF Cookie未设置。
我的 urls.py
是:
包含来自用户的导入管理
的url
import HandlerView
admin.autodiscover()
urlpatterns = patterns('',
url(r'^ admin /',include(admin.site.urls)),
url(r'^ users / login $',HandlerView.as_view(),name ='my-view'),
url(r'^ users / add $',HandlerView.as_view() name ='my-view'),
)
和我的 views.py
是:
from django.shortcuts import render
from django。 http导入HttpResponse
从django.views.generic import查看
类HandlerView(View):
def get(self,request,* args,** kwargs):
return HttpResponse('Hello,World!')
def post(self,request,* args,** kwargs):
printHello world!
return HttpResponse('Hello,World!')
我的卷曲执行在我的终端输入是:
curl -v -HAccept:application / json-HContent-type:application / json-X POST -d'{user:jeff,password:pass1}'http:// localhost:8000 / users / add
/ pre>
,运行我的服务器的终端返回:
13 / Feb / 2014 00:38:06]POST / users / add HTTP / 1.1403 2282
我明白什么是CSRF,但是通过终端怎样标记一个POST方法,当没有cookies的时候呢?这是什么补救措施?
解决方案可能是因为您可能启用了CSRF保护而导致此错误中小企业设置。
如果您不需要该保护,可以将视图设置为 CSRF豁免。
您可以直接在视图中使用装饰器,也可以将其从中间件设置中禁用。from django .views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
@csrf_exempt
def my_view(request):
return HttpResponse('Hello world')
I'm getting a 405 error, specifically saying
CSRF verification failed. Request aborted. CSRF cookie not set.
My
urls.py
is:from django.conf.urls import patterns, include, url from django.contrib import admin from users.views import HandlerView admin.autodiscover() urlpatterns = patterns('', url(r'^admin/', include(admin.site.urls)), url(r'^users/login$', HandlerView.as_view(), name='my-view'), url(r'^users/add$', HandlerView.as_view(), name='my-view'), )
and my
views.py
is:from django.shortcuts import render from django.http import HttpResponse from django.views.generic import View class HandlerView(View): def get(self, request, *args, **kwargs): return HttpResponse('Hello, World!') def post(self, request, *args, **kwargs): print "Hello world!" return HttpResponse('Hello, World!')
The curl execution that I'm inputting at my terminal is:
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d ' {"user" : "jeff", "password" : "pass1"} ' http://localhost:8000/users/add
and the terminal running my server returns:
[13/Feb/2014 00:38:06] "POST /users/add HTTP/1.1" 403 2282
I understand what CSRF is, but what would this be flagging for a POST method through the terminal, when theres no cookies right? What would be the remedy to this?
解决方案It might be giving this error because you might be having the CSRF protection turned on in middelware settings.
If you don't need that protection, you can set the view as CSRF exempt. You can simply use a decorator on the view or you can turn it disable it from middleware settings.
from django.views.decorators.csrf import csrf_exempt from django.http import HttpResponse @csrf_exempt def my_view(request): return HttpResponse('Hello world')
这篇关于Django返回403错误 - “CSRF cookie not set”的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!