Django CSRF verification error using CBV and a custom login page

Time: 2015-04-23 16:13:26

Tags: python django cookies forms-authentication csrf

When I try to log in to the blog application of a Django 1.8 project I get a 403 error. The reason given is that the CSRF cookie is not set. This happens about 80% of the time I try to log in to the project in Chrome; sometimes I can get into the edit view, but then I cannot update posts. I have tried setting the cookie with jQuery in addition to adding the {% csrf_token %} tag to all of my POST forms, and from my research I would think that class-based views automatically render templates with the relevant CSRF information. Given that the failure is inconsistent, I am somewhat at a loss about what my mistake is.

From blog.views.py:

from django.contrib.auth import authenticate, login
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AuthenticationForm
from django.utils.decorators import method_decorator
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import requires_csrf_token
from django.views.decorators.debug import sensitive_post_parameters
from django.views.generic import FormView, ListView, UpdateView

from .models import Post


class LoginView(FormView):
    success_url = '/blog/edit/'
    form_class = AuthenticationForm
    template_name = 'blog/login.html'

    # requires_csrf_token only makes the token available to the template;
    # unlike csrf_protect it never rejects a request by itself.
    @method_decorator(sensitive_post_parameters('password'))
    @method_decorator(never_cache)
    @method_decorator(requires_csrf_token)
    def dispatch(self, request, *args, **kwargs):
        return super(LoginView, self).dispatch(request, *args, **kwargs)

    def form_valid(self, form):
        # AuthenticationForm.clean() has already run authenticate();
        # this repeats it from the raw POST data before logging the user in.
        user = authenticate(username=self.request.POST['username'],
                            password=self.request.POST['password'])
        if user:
            login(self.request, user)
        return super(LoginView, self).form_valid(form)


class LoggedIn(object):
    # Mixin: require an authenticated user before dispatching to the view.
    @method_decorator(requires_csrf_token)
    @method_decorator(login_required(login_url='/blog/login/'))
    def dispatch(self, *args, **kwargs):
        return super(LoggedIn, self).dispatch(*args, **kwargs)


class edit_view(LoggedIn, ListView):
    model = Post
    template_name = 'blog/edit_view.html'
    context_object_name = 'blog_posts'


class PostUpdate(LoggedIn, UpdateView):
    model = Post
    template_name_suffix = '_update_form'
    fields = ['title', 'author', 'body', 'categories']

    def get_object(self):
        # Look the post up by the slug captured from the URL, not by pk.
        slug = self.kwargs['postslug']
        return Post.objects.get(postslug=slug)

From blog.urls.py:

from django.conf.urls import url

from . import views

urlpatterns = [
    url(r'^login/', views.LoginView.as_view(), name='login'),
    url(r'^edit/(?P<postslug>[-\w\d]+)/$', views.PostUpdate.as_view(), name='update'),
]

For the HTML and JS as rendered in the browser, I have opened up my development instance at http://ec2-52-5-103-99.compute-1.amazonaws.com:8001/blog/login/ so that you can reproduce the error yourselves with the actually rendered templates. For this I created a user: sample_user, password: password.

Any advice is greatly appreciated! I am a noob at Django, Stack Overflow, etc., but I really want to follow best practices.

Headers from the login attempt:

General:
  Remote Address:52.5.103.99:8001
  Request URL:http://ec2-52-5-103-99.compute-1.amazonaws.com:8001/blog/login/
  Request Method:POST
  Status Code:403 FORBIDDEN
Response Headers
  Content-Type:text/html
  Date:Thu, 23 Apr 2015 16:56:07 GMT
  Server:WSGIServer/0.1 Python/2.7.9
  X-Frame-Options:SAMEORIGIN
Request Headers
  Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Accept-Encoding:gzip, deflate
  Accept-Language:en-US,en;q=0.8
  Cache-Control:no-cache
  Connection:keep-alive
  Content-Length:97
  Content-Type:application/x-www-form-urlencoded
  Cookie:IGFB={"user":{"name":"simplicedolce","id":"1193622126","count":"205"}}; csrftoken=5w6VuL8OpnTn676yhlGN5UCWI5h7gdE1
  Host:ec2-52-5-103-99.compute-1.amazonaws.com:8001
  Origin:http://ec2-52-5-103-99.compute-1.amazonaws.com:8001
  Pragma:no-cache
  Referer:http://ec2-52-5-103-99.compute-1.amazonaws.com:8001/blog/login/
  User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36
Form Data
  csrfmiddlewaretoken:5w6VuL8OpnTn676yhlGN5UCWI5h7gdE1
  username:sample_user
  password:password
  next:

1 answer:

Answer 0 (score: 0)

You have to specifically add the tag to the form portion of the template, with class-based views:

<form action="." method="post">{% csrf_token %} 

Step 2 in the docs: https://docs.djangoproject.com/en/1.8/ref/csrf/
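To make the check behind the 403 in the question concrete, here is an added illustration (not code from the question, the answer or Django itself): a simplified Python model of the double-submit comparison that Django 1.8's CsrfViewMiddleware performs between the csrftoken cookie and the csrfmiddlewaretoken form field, run over the cookie and form values captured in the request dump above. The cookie parser, function names and the two rejection reasons are assumptions of this model; the token, cookie and form values are copied from the dump.

```python
"""Simplified model of Django 1.8's CsrfViewMiddleware double-submit check.

Added illustration, not Django's own middleware: every unsafe request must
carry a csrftoken cookie whose value equals the csrfmiddlewaretoken field.
"""
import hmac

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")
COOKIE_NAME = "csrftoken"
FIELD_NAME = "csrfmiddlewaretoken"
REASON_NO_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."


def parse_cookie_header(header):
    """Split a raw Cookie header into a dict, tolerating odd sibling cookies."""
    cookies = {}
    for chunk in header.split(";"):
        key, _, val = chunk.partition("=")
        key, val = key.strip(), val.strip()
        if key:
            cookies[key] = val
    return cookies


def check_csrf(method, cookie_header, form_data):
    """Return (accepted, reason); reason is None when the request passes."""
    if method.upper() in SAFE_METHODS:
        return True, None
    cookie_token = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    if not cookie_token:
        return False, REASON_NO_COOKIE
    form_token = form_data.get(FIELD_NAME, "")
    # Constant-time comparison, as Django's constant_time_compare does.
    if not hmac.compare_digest(cookie_token, form_token):
        return False, REASON_BAD_TOKEN
    return True, None


# Values copied from the request dump in the question (password omitted).
TOKEN = "5w6VuL8OpnTn676yhlGN5UCWI5h7gdE1"
CAPTURED_COOKIE = (
    'IGFB={"user":{"name":"simplicedolce","id":"1193622126","count":"205"}}; '
    "csrftoken=" + TOKEN
)
CAPTURED_FORM = {FIELD_NAME: TOKEN, "username": "sample_user", "next": ""}

if __name__ == "__main__":
    print(check_csrf("POST", CAPTURED_COOKIE, CAPTURED_FORM))
    print(check_csrf("POST", "IGFB=x", CAPTURED_FORM))
    print(check_csrf("POST", CAPTURED_COOKIE, {"username": "sample_user"}))
```

Run against the captured values, the model accepts the request, which shows that the cookie and form tokens in the dump agree; the "CSRF cookie not set" reason is the one Django produces when the middleware finds no csrftoken cookie on the request it actually sees.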