我有一个django自定义用户登录表单,当用户登录时出现以下错误显示 请帮忙
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
以下错误显示在终端
中 UserWarning: A {% csrf_token %} was used in a t
emplate, but the context did not provide the value. This is usually caused by not using RequestContext.
"A {% csrf_token %} was used in a template, but the context "
[08/May/2018 23:44:13] "GET /login/ HTTP/1.1" 200 7798
这是我的观点
@csrf_protect
def user_login(request):
context = RequestContext(request)
if request.POST:
username = request.POST.get('username')
password = request.POST.get('username')
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
return render_to_response('app/index.html', context_instance=RequestContext(request))
else:
return HttpResponse("You're account is disabled.")
else:
return render_to_response('app/login.html', context_instance=RequestContext(request))
else:
return render_to_response('app/login.html', {}, context)

这是我的登录HTML代码
<form class="form-horizontal" name="LoginForm" action="/login/" method="post">
{% csrf_token %}
{% if next %}
<input type="hidden" name="next" value="{{ next }}" />
{% endif %}
&#13;
怎么做?当用户成功登录User_Profile模板时,如果网址仍为http://127.0.0.1:8000/login/,我想将网址更改为http://127.0.0.1:8000/students_profile
这是URL
url(r'^students_profile/', views.IndexView.as_view(), name='students_profile'),
&#13;
这是登录表单
<form class="form-horizontal" name="LoginForm" action="." method="post">
{% csrf_token %}
{% if next %}
<input type="hidden" name="next" value="{{ next }}" />
{% endif %}
&#13;
答案 0 :(得分:0)
嘿请检查你的views.py我还没有看到你的代码,但我想你可能在没有RequestContext的情况下渲染了为什么会出现上面的错误。所以你最好使用
render(request, 'template_name', {params});
来自docs render()与使用context_instance参数调用render_to_response()相同,后者强制使用RequestContext。
答案 1 :(得分:0)
您的模板已受{% csrf_token %}
保护,无需在您的视图中添加装饰器:
此外,您可以使用render
django.shortcuts
,而不是使用render_to_response。
我稍微减少了你的代码,最好使用
from django.contrib import messages
def user_login(request):
if request.POST:
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return render(request,'app/index.html',{})
# the else statement
return HttpResponse("You're account is disabled.")
# the else statement
messages.add_message(request,messages.WARNING,'Credentials invalid')
return render(request,'app/login.html', {})
模板中的检索如下消息:
{% if messages %}
<ul class="messages">
{% for message in messages %}
<li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
{% endfor %}
</ul>
{% endif %}