当我点击提交时,显示csrf验证失败,尽管我使用了{%csrftoken%} 在这里我的view.py:
@csrf_protect
def register(request):
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
user = User.objects.create_user(
username=form.cleaned_data['username'],
password=form.cleaned_data['password1'],
email=form.cleaned_data['email']
)
return HttpResponseRedirect('/login/')
else:
form = RegistrationForm()
catagories = Company_Profile.objects.all()
variables = RequestContext(request, {
'form': form,'catagories' : catagories
})
return render_to_response(
'index1.html',
variables
)
我的html页面index1.html s:
<div id="connect_signup_box" class="connect_box_form clearfix">{% csrf_token %}
<form enctype="application/x-www-form-urlencoded" class="global_form" action="" method="POST">{% csrf_token %}<div><div><h3>Create Account</h3>
<div class="form-elements" >
<div id="name-wrapper" class="form-wrapper"><div id="name-label" class="form-label"><label for="name" class="optional">Name</label></div>
<div id="name-element" class="form-element">
<input type="text" name="name" id="name" value="" class="signup-name"></div> </div>
<div id="username-wrapper" class="form-wrapper"><div id="username-label" class="form-label"><label for="id_username">Username:</label></div>
<div id="username-element" class="form-element">
<input id="id_username" max_length="30" name="username" required="True" type="text">
<div id="uJTtr4FGLy-wrapper" class="form-wrapper"><div id="uJTtr4FGLy-label" class="form-label"><label for="id_email">Email Id:</label></div>
<div id="uJTtr4FGLy-element" class="form-element">
<input id="id_email" max_length="30" name="email" required="True" type="text">
<p class="description">You will use your email address to login.</p></div> </div>
<div id="password-wrapper" class="form-wrapper"><div id="password-label" class="form-label"><label for="id_password1">Password:</label></div>
<div id="password-element" class="form-element">
<input id="id_password1" name="password1" type="password">
<p class="description">Passwords must be at least 6 characters in length. </p></div></div>
<div id="passconf-wrapper" class="form-wrapper"><div id="passconf-label" class="form-label"><label for="id_password2">Password (Confirm):</label></div>
<div id="passconf-element" class="form-element">
<input id="id_password2" max_length="30" name="password2" render_value="False" required="True" type="password">
<p class="description">Enter your password again for confirmation.</p></div> </div>
<p class="description">This will be the end of your profile link, for example: <br> </p></div></div>
</div></div>
<div id="terms-wrapper" class="form-wrapper"><div id="terms-label" class="form-label"> </div><div id="terms-element" class="form-element">
<input type="hidden" name="terms" value=""><input type="checkbox" name="terms" id="terms" value="1" tabindex="7">
<label class="null" for="terms">I have read and agree to the <a target="_blank" href="help/terms.html">terms of service</a>.</label></div></div>
<div id="submit-wrapper" class="form-wrapper"><div id="submit-label" class="form-label"> </div><div id="submit-element" class="form-element">
<input type="hidden" name="csrfmiddlewaretoken" value="vmGTjibc4wzzsrVshrElFs8J0T24UECG">
<input type="submit" class="btn btn-success" value="submit">
<input type="reset" class="btn" value="cancel">
</div></div></div></form> </div>
</div>
我没有使用form.as_p,因为我需要单独申请css .. 请帮帮我
编辑: 我得到了答案 实际的问题是我有硬编码的csrf,即
所以删除它,它工作正常。感谢@ Daniel Roseman,他注意到了我并感谢所有人帮助我。
答案 0 :(得分:2)
您应该将RequestContext作为render_to_response()的第三个参数传递:
return render_to_response('index1.html',
{'form': form, 'catagories': catagories},
RequestContext(request))
或者,作为更好的选择,请使用render()功能代替render_to_response():
from django.shortcuts import render
return render(request, 'index1.html', variables)
答案 1 :(得分:1)
您需要移动{%csrf_token%}标记 - 将其放在表单中。此外,如果您使用的是django.middleware.csrf.CsrfViewMiddleware,则无需手动csrf_protect您的视图。
对于上下文实例,尝试这样做:
def register(request):
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
user = User.objects.create_user(
username=form.cleaned_data['username'],
password=form.cleaned_data['password1'],
email=form.cleaned_data['email']
)
return HttpResponseRedirect('/login/')
else:
form = RegistrationForm()
catagories = Company_Profile.objects.all()
variables = {'form': form,'catagories' : catagories}
return render_to_response('index1.html', variables, context_instance=RequestContext(request))