我的Django网站使用HTTPS。当我尝试从脚本向网站发布数据时,我收到此错误:“引用检查失败 - 没有Referer”。这似乎是一个CSRF问题,但我不知道如何解决它。
示例:
import requests
r = requests.post('https://mywebsite/mypage', data = {'key':'value'})
print r.text
给了我这个输出:
[...]
<p>Reason given for failure:</p>
<pre>
Referer checking failed - no Referer.
</pre>
<p>In general, this can occur when there is a genuine Cross Site Request Forgery, or when
<a
href="https://docs.djangoproject.com/en/1.8/ref/csrf/">Django's
CSRF mechanism</a> has not been used correctly. For POST forms, you need to
ensure:</p>
<ul>
<li>Your browser is accepting cookies.</li>
<li>The view function passes a <code>request</code> to the template's <a
href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render"><code>render</code></a>
method.</li>
<li>In the template, there is a <code>{% csrf_token
%}</code> template tag inside each POST form that
targets an internal URL.</li>
<li>If you are not using <code>CsrfViewMiddleware</code>, then you must use
<code>csrf_protect</code> on any views that use the <code>csrf_token</code>
template tag, as well as those that accept the POST data.</li>
</ul>
[...]
在发送POST数据之前,是否需要将引用者传递给我的标题 - 这不方便?或者我应该为此页面禁用CSRF吗?
由于
答案 0 :(得分:2)
AFAIK,这是CSRF的目的,以避免从未知的奇怪来源发布数据。您需要csrf令牌来发布django动态生成的内容。