1.jinja2模板文件:
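<!DOCTYPE html>
<html>
<head>
  <title>image upload demo</title>
</head>
<body>
  {# Upload form; the view supplies imgup_url (the POST target) and token (the session CSRF token). #}
  <form action="{{ imgup_url }}" method="post" accept-charset="utf-8"
        enctype="multipart/form-data">
    {# A control without a name attribute is not included in the submitted form data.
       The view reads request.POST['csrf_token'], so the hidden field must carry that name. #}
    <input type="hidden" id="token" name="csrf_token" value="{{ token }}">
    <label for="upfile">File:</label>
    <input id="pictitle" name="pictitle" type="text" value="okkk" />
    <input id="upfile" name="upfile" type="file" value="" />
    {# The view only treats the request as an upload when 'form.submitted' is present
       in the parameters, so the submit button is named accordingly. #}
    <input id="button" name="form.submitted" type="submit" value="upload" />
  </form>
</body>
</html>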
2.views.py文件
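# check_csrf=False turns off Pyramid's CSRF view predicate for this view, so the
# manual token comparison inside the function is the only CSRF check performed here.
@view_config(permission='post', route_name='imgup',
             renderer='shootout:jinja2/imgup.jinja2',
             check_csrf=False)
def ueditor_ImgUp(request):
    """Render the image upload form, or process a submitted upload.

    When the request carries a 'form.submitted' parameter, the posted
    'csrf_token' is compared with the token held in the session and the
    uploaded file is handed to __myuploadfile; the helper's result is
    written into a Response. Otherwise the template context (form URL and
    a fresh CSRF token) is returned for rendering.

    Raises:
        ValueError: the posted CSRF token is missing or does not match
            the session token.
    """
    form = Form(request, schema=ImgUpSchema)
    if 'form.submitted' in request.params:
        # Read the token that is already stored in the session. Calling
        # new_csrf_token() before this comparison would replace the stored
        # token, and the value sent back by the browser could never match.
        expected_token = request.session.get_csrf_token()
        # .get() so a missing field is reported as a token mismatch.
        supplied_token = request.POST.get('csrf_token')
        # NOTE(review): a constant-time comparison is preferable for secret
        # values; plain != is kept to avoid str/unicode type differences.
        if supplied_token != expected_token:
            raise ValueError('CSRF token did not match')
        print("imgup is login begin!!!")
        source_pictitle = request.POST.get('pictitle')
        upload = request.POST['upfile']
        # NOTE(review): the filename is supplied by the client. __myuploadfile
        # is not shown here; confirm it never uses this name as a filesystem
        # path without sanitizing it.
        source_filename = upload.filename
        response = Response()
        # The original passed an undefined name (fileObj); the uploaded
        # field's file object is assumed to be what was intended.
        myresponse = __myuploadfile(upload.file, source_pictitle,
                                    source_filename, 'pic')
        response.write(myresponse)
        print("imgup is success!!!")
        return response
    else:
        # A new token is issued only when the form is rendered.
        token1 = request.session.new_csrf_token()
        return {'imgup_url': '/imgup', 'token': token1}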
3.__init__.py文件:
# Build the SQLAlchemy engine from the 'sqlalchemy.'-prefixed settings and bind it.
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)

# The cookie produced by this factory is signed with session.secret but not
# encrypted: anything stored in the session can be read by the client.
# The secret should be long, random and kept out of version control.
session_secret = settings['session.secret']
session_factory = UnencryptedCookieSessionFactoryConfig(session_secret)

# Authentication state is kept in that same session; permissions are resolved via ACLs.
authn_policy = SessionAuthenticationPolicy()
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
    settings=settings,
    root_factory=RootFactory,
    session_factory=session_factory,
    authentication_policy=authn_policy,
    authorization_policy=authz_policy,
)

config.add_static_view('static', 'shootout:static')
config.add_static_view('html', 'shootout:html')
config.include(addroutes)
# Route served by the upload view registered with route_name='imgup'.
config.add_route('imgup', '/imgup')
点击上传按钮提交表单时显示:403 Forbidden(禁止访问),对此资源的访问被拒绝。CSRF 令牌丢失或无效。
如何解决这个问题?谢谢。
答案 0 :(得分:1)
Pyramid 处理 HTML 表单的 POST 请求时需要 csrf_token,所以我是这样做的:
视图:
csrf_token = request.session.get_csrf_token()
return {'csrf_token':csrf_token}
模板(Jinja2的):
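{# The hidden field needs name="csrf_token": a control without a name is not sent with the form. #}
<input id="_csrf" name="csrf_token" type="hidden" value="{{ csrf_token }}"/>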
成功〜