CSRF verification failed. Request aborted when updating a form

Time: 2014-10-19 14:20:23

Tags: django django-models django-forms django-templates django-views

I have the following template

{% block content %}
    <form enctype="multipart/form-data" action="" method="post">{% csrf_token %}
    {% for field in form %}
        {{ field.label_tag }} {{ field }}
    {% endfor %}
    <input type="submit" value="Submit">
    </form>
{% endblock %}

built using this model

from django.db import models
from django.forms import ModelForm

class TProfiles(models.Model):
    id = models.IntegerField(primary_key=True)  # AutoField?
    first_name = models.CharField(max_length=45, blank=True)
    surname = models.CharField(max_length=45, blank=True)
    email = models.CharField(max_length=45, blank=True)

    # Meta belongs inside the model class so Django picks up the table options
    class Meta:
        managed = False
        db_table = 'profiles'

class TProfilesForm(ModelForm):
    class Meta:
        model = TProfiles
        fields = ['first_name', 'surname', 'email']

which is passed to the view

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()

    return render_to_response("register.html", {
        "form": form,
    })

However, I keep getting an error when trying to save the fields. There seem to be many kinds of CSRF errors...

Edit - error message

Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's   CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

2 answers:

Answer 0 (score: 0)

The answer seems to be to add RequestContext(request) to the return statement. So my code looks like:

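from django.shortcuts import render_to_response
from django.template import RequestContext

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()

    # RequestContext runs the context processors, which supply the CSRF token
    return render_to_response("register.html", {
        "form": form,
    }, RequestContext(request))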

Found the answer here

Answer 1 (score: 0)

Or simply use render instead of render_to_response:

return render(request,"register.html", {"form": form,})

With the import:

from django.shortcuts import render
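
An added example, not part of the original question or answers: a standard-library Python check that flags any internal POST form in rendered HTML lacking a non-empty `csrfmiddlewaretoken` hidden input. That is the state the question's template ends up in when it is rendered without RequestContext and `{% csrf_token %}` outputs nothing. The helper names and the sample HTML strings are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TOKEN_FIELD = "csrfmiddlewaretoken"  # hidden input emitted by {% csrf_token %}


class _FormAudit(HTMLParser):
    """Record each <form>: its action, method and whether a token was seen."""
    def __init__(self):
        super().__init__()
        self.forms = []     # one dict per <form>, in document order
        self._open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "has_token": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            # An empty value is treated the same as a missing field.
            if a.get("name") == TOKEN_FIELD and a.get("value"):
                self._open["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def is_internal(action):
    """Empty, relative and path-only actions post back to the same site."""
    parts = urlparse(action)
    return not parts.scheme and not parts.netloc


def forms_missing_token(html):
    """Return the action of each internal POST form rendered without a token."""
    audit = _FormAudit()
    audit.feed(html)
    audit.close()
    return [f["action"] for f in audit.forms
            if f["method"] == "post" and is_internal(f["action"]) and not f["has_token"]]


# Constructed sample output: the question's form rendered without and with a token.
FORM = '<form enctype="multipart/form-data" action="" method="post">%s<input type="submit" value="Submit"></form>'
WITHOUT_CONTEXT = FORM % ""
WITH_CONTEXT = FORM % '<input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED-TOKEN">'
```

Run `forms_missing_token()` over the body of a GET response in a view test; an empty list means every internal POST form on the page carries a token.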