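I am building this wiki, and I get an error when I try to save data. I am currently using Django 1.4.3, and the tutorial I am following is quite old, so I think CSRF was not included in the older version.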
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
I think the problem is in my template, but I'll list my views.py anyway.
My views:
from wiki.models import Page
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect

def view_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
    except Page.DoesNotExist:
        return render_to_response("create.html", {"page_name": page_name})
    content = page.content
    return render_to_response("view.html", {"page_name": page_name, "content": content})

def edit_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
        content = page.content
    except Page.DoesNotExist:
        content = ""
    return render_to_response("edit.html", {"page_name": page_name, "content": content})

def save_page(request, page_name):
    content = request.POST.get('content', 'this is the default')
    try:
        page = Page.objects.get(pk=page_name)
        page.content = content
    except Page.DoesNotExist:
        page = Page(name=page_name, content=content)
    page.save()
    return HttpResponseRedirect("/wikicamp/" + page_name + "/")
My create.html:
<html>
<head>
<title>{{page_name}} - Create </title>
</head>
<body>
<h1>{{page_name}} </h1>
This page does not exist. <a href="/wikicamp/{{page_name}}/edit/">Create? </a>
</body>
</html>
My edit.html, where I added {% csrf_token %}, but it still seems to fail:
<html>
<head>
<title>{{page_name}} - Editing</title>
</head>
<body>
<h1>Editing {{page_name}} </h1>
<form method = "post" action="/wikicamp/{{page_name}}/save/"> {% csrf_token %}
<textarea name="content" rows="20" cols="60"> {{content}}
</textarea><br/>
<input type="submit" value="Save Page"/>
</form>
</body>
</html>
My views.py template:
<html>
<head>
<title>{{page_name}}</title>
</head>
<body>
<h1>{{page_name}} </h1>
{{content}}
<hr/>
<a href="/wikicamp/{{page_name}}/edit/">Edit this page ?</a>
</body>
</html>
My URLconf:
from django.conf.urls import patterns, include, url
from django.contrib import admin
from django.conf import settings
admin.autodiscover()
urlpatterns = patterns('',
    url(r'^admin/', include(admin.site.urls)),
    url(r'^wikicamp/(?P<page_name>[^/]+)/edit/$', 'wiki.views.edit_page'),
    url(r'^wikicamp/(?P<page_name>[^/]+)/save/$', 'wiki.views.save_page'),
    url(r'^wikicamp/(?P<page_name>[^/]+)/$', 'wiki.views.view_page'),
)
How can I fix this?
Answer 0 (score: 2)
from django.template import RequestContext
return render_to_response('contact_form.html',
                          {'errors': errors},
                          context_instance=RequestContext(request))
And also use the csrf_token tag inside the form element if the form is for an internal URL, for example:
<form action="" method="post">{% csrf_token %}
Answer 1 (score: 1)
Add context_instance=RequestContext(request) to every view in which you will use the form; it looks like you are not passing the context processors:
from wiki.models import Page
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
# RequestContext runs the context processors, which supply the CSRF token
from django.template import RequestContext

def view_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
    except Page.DoesNotExist:
        return render_to_response("create.html", {"page_name": page_name})
    content = page.content
    return render_to_response("view.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

def edit_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
        content = page.content
    except Page.DoesNotExist:
        content = ""
    return render_to_response("edit.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

def save_page(request, page_name):
    content = request.POST.get('content', 'this is the default')
    try:
        page = Page.objects.get(pk=page_name)
        page.content = content
    except Page.DoesNotExist:
        page = Page(name=page_name, content=content)
    page.save()
    return HttpResponseRedirect("/wikicamp/" + page_name + "/")
Try that.
If you still have problems, please post your urls.py.
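A static check for the two conditions the answers describe, added here as an example that is not part of either answer: it flags POST forms without {% csrf_token %} and views that render a POST-form template through render_to_response without context_instance. The function names, the finding labels, and the sample views and templates (including bad.html) are constructed for illustration; only the standard library is used.

```python
import ast
import re

# Constructed samples modelled on the question's files (not the originals).
SAMPLE_VIEWS = '''
def edit_page(request, page_name):
    return render_to_response("edit.html", {"page_name": page_name})

def view_page(request, page_name):
    return render_to_response("view.html", {"page_name": page_name},
                              context_instance=RequestContext(request))
'''
SAMPLE_TEMPLATES = {
    "edit.html": '<form method = "post" action="/save/"> {% csrf_token %}</form>',
    "view.html": '<a href="/wikicamp/x/edit/">Edit this page ?</a>',
    "bad.html": '<form method="POST" action="/save/"><input type="submit"/></form>',
}

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
POST_RE = re.compile(r"""method\s*=\s*["']?post\b""", re.I)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def post_forms(templates):
    """Map each template with a POST form -> True if all such forms have the tag."""
    result = {}
    for name, src in templates.items():
        for attrs, body in FORM_RE.findall(src):
            if POST_RE.search(attrs):
                ok = bool(TOKEN_RE.search(body))
                result[name] = result.get(name, True) and ok
    return result


def audit(views_src, templates):
    """Return findings as (kind, where, template) tuples."""
    forms = post_forms(templates)
    findings = [("missing-token", n, n) for n, ok in sorted(forms.items()) if not ok]
    for func in ast.walk(ast.parse(views_src)):
        if not isinstance(func, ast.FunctionDef):
            continue
        for call in ast.walk(func):
            if (isinstance(call, ast.Call)
                    and getattr(call.func, "id", None) == "render_to_response"
                    and call.args and isinstance(call.args[0], ast.Constant)
                    and call.args[0].value in forms
                    and not any(k.arg == "context_instance" for k in call.keywords)):
                findings.append(("no-request-context", func.name, call.args[0].value))
    return findings
```

The check is a heuristic: it only sees template names passed as string literals to a bare render_to_response call, and it matches forms with a regular expression rather than parsing the template.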