爲什麼它給403禁止的錯誤？

Question

我是新的python我正試圖編寫代碼從數據庫中提取數據，而甲骨文檢查用戶是否註冊或沒有。此代碼是爲web應用程序但它給403：禁止錯誤。我無法識別是否問題在代碼或它需要更多的配置，我在Windows 7

---

 import logging 
     import tornado.escape 
     import tornado.ioloop 
     import tornado.options 
     import tornado.web 
     import tornado.websocket 
     import os.path 
     import uuid 
     import time 
     import cx_Oracle 

     from tornado.options import define, options 

     define("port", default=5000, help="run on the given port", type=int) 


     class Application(tornado.web.Application): 
     def __init__(self): 
      handlers = [(r"/", MainHandler),(r"/loggedin/page", UserIndex),] 
      settings = dict(
      cookie_secret="__TODO:_GENERATE_YOUR_OWN_RANDOM_VALUE_HERE__", 
      template_path=os.path.join(os.path.dirname(__file__), "templates"), 
      static_path=os.path.join(os.path.dirname(__file__), "static"), 
      xsrf_cookies=True, 
       autoescape=None, 
       ) 
      tornado.web.Application.__init__(self, handlers, **settings) 


     class MainHandler(tornado.web.RequestHandler): 
      def get(self): 
      self.render("mainPage.html") 

     class UserIndex(tornado.web.RequestHandler): 
      def post(self): 
       userid=self.get_argument('userid') 
       pwd=self.get_argument('pwd') 
       con=cx_Oracle.connect('system','system','localhost:1521/XE') 
       c=con.cursor() 
       coun=c.execute("select count(*) from dmsuser where email= '%s' and pwd       ='%s'" %(userid,pwd)) 
      con.close() 
       if coun.fetchone()==(1,): 
       self.render('loggedinPage.html') 
       else: 
       self.render('mainPage.html') 

     def main(): 
     tornado.options.parse_command_line() 
     app = Application() 
     app.listen(options.port) 
     tornado.ioloop.IOLoop.instance().start() 


    if __name__ == "__main__": 
     main() 

Answer 1

工作沒有模板，我不能肯定，但我的猜測是你不包括POST請求XSRF數據。既然你已經在應用配置中設置xsrf_cookies=True，您需要在您的表單模板的XSRF數據：

<form method="post" action="..."> 
    {% module xsrf_form_html() %} 
    ... 
</form>