在django中利用comments功能,发生错误,错误信息如下:
Forbidden
(403)CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
- Your browser is accepting cookies.
- The view function uses RequestContext for the template, instead of Context.
- In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
- If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
解决方法:
1.其实也没有什么解决方法,其实在错误信息里边已经说了,“
The view function uses RequestContext for the template, instead of Context”
通常情况下,我们在view里边通常是这么做:
- def archive(request,text_id):
- all_posts = TextBody.objects.all()
- posts = all_posts.filter(id=text_id)
- t= loader.get_template('content.html')
- c = Context({'posts':posts})
- return HttpResponse( t.render(c) )
务必将 Context修改为RequestContext,修改后为 c = RequestContext(request,{'posts':posts})
务必在文件头引入: from django.template import loader,Context,RequestContext
2.在Html模板中加入csrf标签:
- <table>
- <form action="{% comment_form_target %}" method="post">
- {% csrf_token %}
- {{ form }}
- <tr>
- <td colspan="2">
- <input type="submit" name="submit" value="Post">
- <input type="submit" name="preview" value="Preview">
- </td>
- </tr>
- </form>
- </table>
阅读(4376) | 评论(0) | 转发(0) |