添加@csrf_exempt的位置是错误的吗?

时间:2017-08-02 08:26:32

标签: python swift django

我想连接我的Swift app& Python Django Server发送图像(我想将图像从Swift应用程序发送到服务器)当我尝试这样做时,我在Xcode中出错了

<div id="info">
  <h2>Help</h2>

    <p>Reason given for failure:</p>
    <pre>
    CSRF cookie not set.
    </pre>


  <p>In general, this can occur when there is a genuine Cross Site Request Forgery, or when
  <a
  href="https://docs.djangoproject.com/en/1.10/ref/csrf/">Django's
  CSRF mechanism</a> has not been used correctly.  For POST forms, you need to
  ensure:</p>

  <ul>
    <li>Your browser is accepting cookies.</li>

    <li>The view function passes a <code>request</code> to the template's <a
    href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render"><code>render</code></a>
    method.</li>

    <li>In the template, there is a <code>{% csrf_token
    %}</code> template tag inside each POST form that
    targets an internal URL.</li>

    <li>If you are not using <code>CsrfViewMiddleware</code>, then you must use
    <code>csrf_protect</code> on any views that use the <code>csrf_token</code>
    template tag, as well as those that accept the POST data.</li>

    <li>The form has a valid CSRF token. After logging in in another browser
    tab or hitting the back button after a login, you may need to reload the
    page with the form, because the token is rotated after a login.</li>
  </ul>

  <p>You're seeing the help section of this page because you have <code>DEBUG =
  True</code> in your Django settings file. Change that to <code>False</code>,
  and only the initial error message will be displayed.  </p>

  <p>You can customize this page using the CSRF_FAILURE_VIEW setting.</p>
</div>

</body>
</html>

所以,我认为需要在Django Server中添加csrf装饰器。我把它添加到我的代码中,如

from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from django.shortcuts import render, redirect
from django.views.decorators.http import require_POST
from .forms import RegisterForm
from django.contrib.auth import authenticate, login
from .models import Post
from .forms import UserImageForm
from .models import ImageAndUser
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def upload_save(request):

    photo_id = request.POST.get("p_id", "")

    if (photo_id):
        photo_obj = Post.objects.get(id=photo_id)
    else:
        photo_obj = Post()

    files = request.FILES.getlist("files[]")


    photo_obj.image = files[0]
    # photo_obj.image2 = files[1]
    # photo_obj.image3 = files[2]

    photo_obj.save()
    # return render(request, "registration/accounts/photo.html")

    photos = Post.objects.all()
    context = {
        'photos': photos,
    }
    return render(request, 'registration/accounts/photo.html', context)

但是当我在Swift应用程序中做同样的事情时,发生了完全相同的错误。 我认为添加@csrf_exempt的位置是错误的,但我不知道如何解决这个问题。也许@csrf_exempt的位置还可以,另一点是错的,我不知道。 我的发送网址是用Swift写的http://localhost:8000/admin/accounts/post/42/change/。 在Django方面,MyAPP的urls.py是

from django.conf import settings
from django.conf.urls import include, url
from django.conf.urls.static import static
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^accounts/', include('accounts.urls')),
    url(r'^api/', include('UserToken.urls')),
    url(r'^accounts/', include('accounts.urls', namespace='accounts')),
    url(r'^ResultJSON/', include('ResultJSON.urls')),
    url(r'^api/1.0/', include('accounts.api_urls', namespace='api')),
    url(r'^api/1.0/login/', include('accounts.apitoken_urls', namespace='apilogin')),

 ] +static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)

帐户的urls.py是

from django.conf.urls import url
from . import views
from django.contrib.auth.views import login, logout
from django.views.generic import TemplateView

urlpatterns = [
    url(r'^login/$', login,
        {'template_name': 'registration/accounts/login.html'},
        name='login'),
    url(r'^logout/$', logout, name='logout'),
    url(r'^regist/$', views.regist,name='regist' ),
    url(r'^regist_save/$', views.regist_save, name='regist_save'),
    url(r'^profile/$', views.profile, name='profile'),
    url(r'^photo/$', views.photo, name='photo'),
    url(r'^upload/(?P<p_id>\d+)/$', views.upload, name='upload'),
    url(r'^upload_save/$', views.upload_save, name='upload_save'),
    url(r'^kenshinresults$', TemplateView.as_view(template_name='registration/accounts/kenshin_result.html'),
        name='kenshinresults'),
    url(r'^tcresults$', views.tc,name='tcresults'),
]

请告诉我有什么问题。

1 个答案:

答案 0 :(得分:0)

/admin/accounts/post/42/change/是Django管理员中的一个网址。您使用upload_save装饰器的csrf_exempt视图会在您的网址配置中与/accounts/upload_save/连接。