2013-01-12 55 views
0

Why do I get the following error even though {% csrf_token %} is present? Django CSRF failure

Forbidden (403) CSRF verification failed. Request aborted.

This is a sample view that I have been using so far.

view.py

# Django imports this view relies on (ProfilModel and WorkingWithModelsFiles come from the project)
from django.core.context_processors import csrf
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response

def editModel(self, request, offset):
    if 'user' in request.session:
        user = request.session['user']
        if request.method == 'POST':
            # Form submitted through the "Edit" button
            if 'editModel' in request.POST:
                offset = int(offset)
                fields = ProfilModel.objects.filter(name=user)
                workingModelsFiles = WorkingWithModelsFiles()
                listModel = workingModelsFiles.getCurrentModel(user, offset)
                modelView = self.listModels(user)[offset-1]
                loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
                params = {'id ': offset,
                          'userName': request.session['user'],
                          'surname': fields[0].surname,
                          'listModel': listModel,
                          'model': modelView,
                          'bodyLoadModels': loadModels
                          }
                # Add the CSRF token to the template context by hand
                params.update(csrf(request))
                return render_to_response('editModel.html', params)
        else:
            # Initial GET: render the edit form
            offset = int(offset)
            fields = ProfilModel.objects.filter(name=user)
            workingModelsFiles = WorkingWithModelsFiles()
            listModel = workingModelsFiles.getCurrentModel(user, offset)
            modelView = self.listModels(user)[offset-1]
            loadModels = "document.getElementById('x3dElement" + str(offset) + "').runtime.showAll();"
            params = {'id ': offset,
                      'userName': request.session['user'],
                      'surname': fields[0].surname,
                      'listModel': listModel,
                      'model': modelView,
                      'bodyLoadModels': loadModels
                      }
            params.update(csrf(request))
            return render_to_response('editModel.html', params)
    else:
        # No logged-in user in the session
        return HttpResponseRedirect("/login/")

{% csrf_token %} is present in the template, and yet it gives me a CSRF error again.

template.html

......
<div class="tab_container">
    <div id="tab1" class="tab_content">
        <table class="tablesorter" cellspacing="0">
        <tbody>
        <form action="{% url 'edit_model' listModel.0.id_model %}" method="post" >
        {% csrf_token %}
            {% for item in listModel %}
                <tr>
                    <td rowspan="3" style="width: 300px;"> {{ model | safe }} </td>
                    <td> Name Model: <i><input class="text_field" type="text" id='id_Model' name="Model" value="{{ item.modelName }}" /> </i> </td>
                </tr>

                <tr>
                    <td> Author: <i> <input class="text_field" type="text" id='id_Author' name="Author" value="{{ item.author }}" /> </i> </td>
                </tr>
                <tr>
                    <td> <input type="submit" name="editModel" value="Edit" /> </td>
                </tr>
            {% endfor %}
        </form>
        </tbody>
        </table>
    </div><!-- end of #tab1 -->
.......

settings.py

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware', 
    'django.contrib.sessions.middleware.SessionMiddleware', 
    'django.middleware.csrf.CsrfViewMiddleware', 
    'django.contrib.auth.middleware.AuthenticationMiddleware', 
    'django.contrib.messages.middleware.MessageMiddleware', 
    # Uncomment the next line for simple clickjacking protection: 
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware', 
) 
+0

Make sure MIDDLEWARE_CLASSES contains 'django.middleware.csrf.CsrfViewMiddleware', in your settings.py – Crazyshezy

+0

Have you tried using 'RequestContext' and 'render_to_response' to do the csrf_token handling, instead of doing it manually with 'params.update(csrf(request))'? – zaphod

Answers

0

Have you tried using RequestContext instead of params.update(csrf(request))? Like:

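# Import needed for this variant
from django.template import RequestContext

# Inside the view, in place of params.update(csrf(request)):
params = {'id ': offset,
          'userName': request.session['user'],
          'surname': fields[0].surname,
          'listModel': listModel,
          'model': modelView,
          'bodyLoadModels': loadModels
          }
# RequestContext runs the context processors for this request
ctx = RequestContext(request, params)
return render_to_response('editModel.html', context_instance=ctx)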
+0

The same error appears again. Interestingly, in the HTML, after

between the tags – Krasimir

+0

After there is nothing, I think you are displaying the form in the wrong way. It should be like this: <form action="{% url 'edit_model' listModel.0.id_model %}" method="post"> {% csrf_token %} {{ form.as_p }} <input type="submit" value="Submit" /> – nimiq

+0

Take a look here: https://docs.djangoproject.com/zh/dev/topics/forms/?from=olddocs#displaying-a-form-using-a-template – nimiq
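
One way to check what the comments above are looking at, namely whether the rendered page actually contains the hidden csrfmiddlewaretoken field that {% csrf_token %} emits. This is an added example, not code from the thread; it uses only the Python standard library, and the sample HTML, token value and URL are constructed.

```python
from html.parser import HTMLParser

class CsrfFormAudit(HTMLParser):
    """Record every <form> in rendered HTML and whether it carries a CSRF token field."""

    def __init__(self):
        super().__init__()
        self.forms = []     # one dict per <form> seen
        self._open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "has_token": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            # {% csrf_token %} renders a hidden input with this name;
            # an empty value means the token never reached the template context.
            if a.get("name") == "csrfmiddlewaretoken" and a.get("value"):
                self._open["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def post_forms_missing_token(html):
    """Return the action of each POST form without a non-empty CSRF token field."""
    audit = CsrfFormAudit()
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["method"] == "post" and not f["has_token"]]

# Constructed samples of rendered output (URL and token value are made up).
RENDERED_OK = """<form action="/edit/1/" method="post">
<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='CONSTRUCTED-TOKEN' /></div>
<input type="submit" name="editModel" value="Edit" /></form>"""

# What the page looks like when {% csrf_token %} rendered as an empty string.
RENDERED_EMPTY = """<form action="/edit/1/" method="post">

<input type="submit" name="editModel" value="Edit" /></form>"""

if __name__ == "__main__":
    print("with token:   ", post_forms_missing_token(RENDERED_OK))
    print("without token:", post_forms_missing_token(RENDERED_EMPTY))
```

Feeding it the HTML saved from the browser's "view source" shows whether the 403 comes from a token that was never rendered or from one that was rendered but rejected.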