禁止(403)CSRF验证失败请求中止

时间:2016-12-15 06:46:05

标签: django django-forms django-views django-middleware

我在论坛中尝试了大多数响应同时出现403错误,但没有运气!此注册码最初来自探戈与django网站,但它不适用于django 1.10。

任何帮助将不胜感激,这是我使用的文件:

views.py:

def register(request):
    # Like before, get the request's context.
    context = RequestContext(request)

    # A boolean value for telling the template whether the registration was successful.
    # Set to False initially. Code changes value to True when registration succeeds.
    registered = False

    # If it's a HTTP POST, we're interested in processing form data.
    if request.method == 'POST':
        # Attempt to grab information from the raw form information.
        # Note that we make use of both UserForm and UserProfileForm.
        user_form = UserForm(data=request.POST)
        profile_form = UserProfileForm(data=request.POST)

        # If the two forms are valid...
        if user_form.is_valid() and profile_form.is_valid():
            # Save the user's form data to the database.
            user = user_form.save()

            # Now we hash the password with the set_password method.
            # Once hashed, we can update the user object.
            user.set_password(user.password)
            user.save()

            # Now sort out the UserProfile instance.
            # Since we need to set the user attribute ourselves, we set commit=False.
            # This delays saving the model until we're ready to avoid integrity problems.
            profile = profile_form.save(commit=False)
            profile.user = user

            # Did the user provide a profile picture?
            # If so, we need to get it from the input form and put it in the UserProfile model.
            if 'picture' in request.FILES:
                profile.picture = request.FILES['picture']

            # Now we save the UserProfile model instance.
            profile.save()

            # Update our variable to tell the template registration was successful.
            registered = True

        # Invalid form or forms - mistakes or something else?
        # Print problems to the terminal.
        # They'll also be shown to the user.
        else:
            print (user_form.errors, profile_form.errors)

    # Not a HTTP POST, so we render our form using two ModelForm instances.
    # These forms will be blank, ready for user input.
    else:
        user_form = UserForm()
        profile_form = UserProfileForm()

    # Render the template depending on the context.
    return render_to_response(
            'heaven/register.html',
            {'user_form': user_form, 'profile_form': profile_form, 'registered': registered},
            context)

urls.py:

from django.conf.urls import url
from . import views

urlpatterns = [
    url(r'^$', views.home,name='home'),
    url(r'^home/', views.home, name='home'),
    url(r'^register/', views.register, name='register'), # ADD NEW PATTERN!
]

html模板:

<!DOCTYPE html>
<html>
    <head>
        <title>Heavenly</title>
        <style> 
        *{font-family:Arial}
        h1 {color:red;}

        </style>
    </head>

    <body>
        <h1>Register with Heavenly</h1>

        {% if registered %}
            <strong>thank you for registering!</strong>
        <a href="/home/">Return to the homepage.</a><br />
        {% else %}
            <strong>register here!</strong><br />

        <form id="user_form" method="post" action="/register/"
                enctype="multipart/form-data">

            {% csrf_token %}

            <!-- Display each form. The as_p method wraps each element in a paragraph
                 (<p>) element. This ensures each element appears on a new line,
                 making everything look neater. -->
            {{ user_form.as_p }}
            {{ profile_form.as_p }}

            <!-- Provide a button to click to submit the form. -->
            <input type="submit" name="submit" value="Register" />
        </form>
        {% endif %}
    </body>
</html>

1 个答案:

答案 0 :(得分:2)

https://docs.djangoproject.com/en/1.10/releases/1.10/#features-removed-in-1-10

  

删除以下函数的dictionary和context_instance参数:

     
      
  • django.shortcuts.render()
  •   
  • django.shortcuts.render_to_response()
  •   
  • django.template.loader.render_to_string()
  •   

改为使用render

https://docs.djangoproject.com/en/1.10/topics/http/shortcuts/#render