Django: CSRF verification error

Time: 2014-07-18 13:48:30

Tags: python django django-forms csrf django-csrf

GET request:

<WSGIRequest
path:/contact,
GET:<QueryDict: {}>,
POST:<QueryDict: {}>,
COOKIES:{'__utma': '96992031.1421967427.1405088230.1405685996.1405688035.8',
 '__utmb': '96992031.3.10.1405688035',
 '__utmc': '96992031',
 '__utmz': '96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
 'djdt': 'hide'},
META:{'CONTENT_LENGTH': '',
 'CONTENT_TYPE': '',
 u'CSRF_COOKIE': u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
 'HTTP_ACCEPT': 'text/html, */*; q=0.01',
 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
 'HTTP_ACCEPT_LANGUAGE': 'en-GB,en-US;q=0.8,en;q=0.6',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'djdt=hide; __utma=96992031.1421967427.1405088230.1405685996.1405688035.8; __utmb=96992031.3.10.1405688035; __utmc=96992031; __utmz=96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
 'HTTP_HOST': '127.0.0.1:8000',
 'HTTP_REFERER': 'http://127.0.0.1:8000/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
 'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest',
 'PATH_INFO': u'/contact',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_PORT': 57435,
 'REQUEST_METHOD': 'GET',
 'SCRIPT_NAME': u'',
 'SERVER_NAME': '127.0.0.1',
 'SERVER_PORT': '8000',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'Werkzeug/0.9.6',
 'werkzeug.request': <BaseRequest 'http://127.0.0.1:8000/contact' [GET]>,
 'werkzeug.server.shutdown': <function shutdown_server at 0x25876e0>,
 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f72b9132270>,
 'wsgi.input': <socket._fileobject object at 0x7f72b0132cd0>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}>

POST request:

<WSGIRequest
path:/contact,
GET:<QueryDict: {}>,
POST:<QueryDict: {u'city': [u'London'], u'first_name': [u'', u'', u''], u'future-notices-name': [u''], u'email_psp': [u'm'], u'csrfmiddlewaretoken': [u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya'], u'email': [u''], u'wfax': [u'+44 (0)']}>,
COOKIES:{'__utma': '96992031.1421967427.1405088230.1405685996.1405688035.8',
 '__utmb': '96992031.3.10.1405688035',
 '__utmc': '96992031',
 '__utmz': '96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)',
 'csrftoken': 'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
 'djdt': 'hide'},
META:{'CONTENT_LENGTH': '627',
 'CONTENT_TYPE': 'application/x-www-form-urlencoded',
 u'CSRF_COOKIE': u'RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
 'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch',
 'HTTP_ACCEPT_LANGUAGE': 'en-GB,en-US;q=0.8,en;q=0.6',
 'HTTP_CACHE_CONTROL': 'max-age=0',
 'HTTP_CONNECTION': 'keep-alive',
 'HTTP_COOKIE': 'djdt=hide; __utma=96992031.1421967427.1405088230.1405685996.1405688035.8; __utmb=96992031.3.10.1405688035; __utmc=96992031; __utmz=96992031.1405088230.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=RRNKQhMUwb2blNVeLxV61A8gqTbuFXya',
 'HTTP_HOST': '127.0.0.1:8000',
 'HTTP_ORIGIN': 'http://127.0.0.1:8000',
 'HTTP_REFERER': 'http://127.0.0.1:8000/',
 'HTTP_USER_AGENT': 'Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
 'PATH_INFO': u'/contact',
 'QUERY_STRING': '',
 'REMOTE_ADDR': '127.0.0.1',
 'REMOTE_PORT': 57438,
 'REQUEST_METHOD': 'POST',
 'SCRIPT_NAME': u'',
 'SERVER_NAME': '127.0.0.1',
 'SERVER_PORT': '8000',
 'SERVER_PROTOCOL': 'HTTP/1.1',
 'SERVER_SOFTWARE': 'Werkzeug/0.9.6',
 'werkzeug.request': <BaseRequest 'http://127.0.0.1:8000/contact' [POST]>,
 'werkzeug.server.shutdown': <function shutdown_server at 0x7f72b0128aa0>,
 'wsgi.errors': <open file '<stderr>', mode 'w' at 0x7f72b9132270>,
 'wsgi.input': <socket._fileobject object at 0x7f72b02500d0>,
 'wsgi.multiprocess': False,
 'wsgi.multithread': False,
 'wsgi.run_once': False,
 'wsgi.url_scheme': 'http',
 'wsgi.version': (1, 0)}>

views.py

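import json
from django.http import HttpResponse
from django.shortcuts import render
from .forms import ContactForm  # assumed module path for ContactForm

def contact(request):
    if request.method == 'POST':
        form = ContactForm(request.POST)
        if form.is_valid():
            cd = form.cleaned_data  # assumed: cd was undefined in the posted snippet
            return HttpResponse(json.dumps(cd))
    else:
        form = ContactForm()
    return render(request, 'contact.html', {'form': form})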

The form is as follows:

<form id="notice_form" action="/contact" method="post">{% csrf_token %}

...

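I am trying to submit the form, but I get a 403 Forbidden error. Checking the GET/POST requests, I can see that the csrftoken cookie is the same in both requests. So why does it still give me this error? :(

1 answer:

Answer 0 (score: 0)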

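According to the Django documentation (since I almost never use function-based views): https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#how-to-use-it

In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:

Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.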

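The problem is that you are using HttpResponse, which does not use RequestContext, so you need to move to another solution or exempt the view from CSRF (which I would not want). If you are using this as an AJAX request, make sure to implement: https://docs.djangoproject.com/en/1.6/ref/contrib/csrf/#ajax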
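For reference when reading request dumps like the ones in the question, here is a simplified model of the cookie-versus-token comparison that Django's CSRF middleware applies to a plain-HTTP request. It is an added example, not code from the post or from Django. Assumptions: `diagnose_csrf` and `run_cases` are hypothetical names, the cookie name is the default `csrftoken`, the requests are constructed from the fields shown in the dumps, and token sanitising and the HTTPS Referer check are left out.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
COOKIE_NAME = "csrftoken"  # Django's default CSRF_COOKIE_NAME


def diagnose_csrf(method, cookies, post, meta):
    """Hypothetical helper modelling the token check on a plain-HTTP request."""
    if method in SAFE_METHODS:
        return "not checked (safe method)"
    cookie_token = cookies.get(COOKIE_NAME)
    if cookie_token is None:
        return "CSRF cookie not set."
    # The form field is read first; the X-CSRFToken header is the AJAX fallback.
    submitted = post.get("csrfmiddlewaretoken", "") or meta.get("HTTP_X_CSRFTOKEN", "")
    # Constant-time comparison, so timing does not leak how many characters matched.
    if not hmac.compare_digest(submitted.encode(), cookie_token.encode()):
        return "CSRF token missing or incorrect."
    return "token check passed"


TOKEN = "RRNKQhMUwb2blNVeLxV61A8gqTbuFXya"  # token value shown in the dumps above


def run_cases():
    """Constructed requests, reduced to the fields the check reads."""
    return {
        "form POST as dumped": diagnose_csrf(
            "POST", {COOKIE_NAME: TOKEN}, {"csrfmiddlewaretoken": TOKEN}, {}),
        "POST without the cookie": diagnose_csrf(
            "POST", {"djdt": "hide"}, {"csrfmiddlewaretoken": TOKEN}, {}),
        "AJAX POST, header only": diagnose_csrf(
            "POST", {COOKIE_NAME: TOKEN}, {}, {"HTTP_X_CSRFTOKEN": TOKEN}),
        "AJAX POST, no token sent": diagnose_csrf(
            "POST", {COOKIE_NAME: TOKEN}, {}, {}),
        "GET": diagnose_csrf("GET", {}, {}, {}),
    }


if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{name}: {verdict}")
```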