2013-02-23 155 views
3

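Django CSRF verification failed. Request aborted

I'm building this wiki article, and I get an error when I try to save data. I'm currently using Django 1.4.3, and the tutorial I'm following is very old, so I don't think CSRF was included in the older versions.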

Forbidden (403) 

CSRF verification failed. Request aborted. 
Help 

Reason given for failure: 

    CSRF token missing or incorrect 
    In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: 

Your browser is accepting cookies. 
The view function uses RequestContext for the template, instead of Context. 
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. 
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. 

I think the problem is in my template, but I'll list my views.py anyway.

My views:

from wiki.models import Page
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect

def view_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
    except Page.DoesNotExist:
        return render_to_response("create.html", {"page_name": page_name})
    content = page.content
    return render_to_response("view.html", {"page_name": page_name, "content": content})

def edit_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
        content = page.content
    except Page.DoesNotExist:
        content = ""
    return render_to_response("edit.html", {"page_name": page_name, "content": content})

def save_page(request, page_name):
    content = request.POST.get('content', 'this is the default')
    try:
        page = Page.objects.get(pk=page_name)
        page.content = content
    except Page.DoesNotExist:
        page = Page(name=page_name, content=content)
    # Save and redirect for both existing and newly created pages
    page.save()
    return HttpResponseRedirect("/wikicamp/" + page_name + "/")

My create.html:

<html>
<head>
    <title>{{page_name}} - Create</title>
</head>
<body>
    <h1>{{page_name}}</h1>
    This page does not exist. <a href="/wikicamp/{{page_name}}/edit/">Create?</a>
</body>
</html>

My edit.html; I added {% csrf_token %} inside it, but it seems to fail.

<html>
<head>
    <title>{{page_name}} - Editing</title>
</head>
<body>
    <h1>Editing {{page_name}}</h1>
    <form method="post" action="/wikicamp/{{page_name}}/save/">{% csrf_token %}
        <textarea name="content" rows="20" cols="60">{{content}}</textarea><br/>
        <input type="submit" value="Save Page"/>
    </form>
</body>
</html>

My views.py template:

<html>
<head>
    <title>{{page_name}}</title>
</head>
<body>
    <h1>{{page_name}}</h1>
    {{content}}
    <hr/>
    <a href="/wikicamp/{{page_name}}/edit/">Edit this page?</a>
</body>
</html>

My URL configuration:

from django.conf.urls import patterns, include, url
from django.contrib import admin
from django.conf import settings

admin.autodiscover()

urlpatterns = patterns('',
    url(r'^admin/', include(admin.site.urls)),
    url(r'^wikicamp/(?P<page_name>[^/]+)/edit/$', 'wiki.views.edit_page'),
    url(r'^wikicamp/(?P<page_name>[^/]+)/save/$', 'wiki.views.save_page'),
    url(r'^wikicamp/(?P<page_name>[^/]+)/$', 'wiki.views.view_page'),
)

How can I solve this problem?

+0

Use context_instance=RequestContext(request) – burning 2013-02-23 11:53:47

+0

OK, could you expand on that in your answer? Please – donkeyboy72 2013-02-23 11:55:54

Answers

1

Add context_instance=RequestContext(request) to every view whose template will use a form. It seems you are not passing the context processors:

from wiki.models import Page
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from django.template import RequestContext  # needed for context_instance below

def view_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
    except Page.DoesNotExist:
        return render_to_response("create.html", {"page_name": page_name})
    content = page.content
    return render_to_response("view.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

def edit_page(request, page_name):
    try:
        page = Page.objects.get(pk=page_name)
        content = page.content
    except Page.DoesNotExist:
        content = ""
    # RequestContext runs the context processors, which supply the token for {% csrf_token %}
    return render_to_response("edit.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

def save_page(request, page_name):
    content = request.POST.get('content', 'this is the default')
    try:
        page = Page.objects.get(pk=page_name)
        page.content = content
    except Page.DoesNotExist:
        page = Page(name=page_name, content=content)
    # Save and redirect for both existing and newly created pages
    page.save()
    return HttpResponseRedirect("/wikicamp/" + page_name + "/")

Try this.

If you still get the problem, please post your urls.py too.

+0

It should work, yar – masterofdestiny 2013-02-23 12:12:18

+0

Thank you, buddy. You are a kind person. – donkeyboy72 2013-02-23 12:14:03

2

from django.template import RequestContext

return render_to_response('contact_form.html', {'errors': errors}, context_instance=RequestContext(request))

and use the csrf_token tag inside the <form> element if the form is for an internal URL, e.g.:

<form action="" method="post">{% csrf_token %}

reference
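A simplified, standard-library model of the check behind this 403, added here as an illustration (it is not code from the thread and not Django's implementation). It shows why a template rendered without RequestContext produces a form that the CSRF check rejects; all function names are hypothetical and the cookie values are constructed.

```python
import hmac
import secrets

COOKIE = "csrftoken"            # Django's default CSRF cookie name
FIELD = "csrfmiddlewaretoken"   # hidden input emitted by {% csrf_token %}


def render_form(context):
    """Model of {% csrf_token %}: it can only emit a token the context holds."""
    token = context.get("csrf_token")
    hidden = '<input type="hidden" name="%s" value="%s">' % (FIELD, token) if token else ""
    return '<form method="post">%s<textarea name="content"></textarea></form>' % hidden


def request_context(cookies):
    """Model of RequestContext: a context processor exposes the request's token."""
    return {"csrf_token": cookies.get(COOKIE)}


def check_post(cookies, post):
    """Model of the middleware check: cookie and form field must match."""
    cookie_token = cookies.get(COOKIE)
    if not cookie_token:
        return 403, "CSRF cookie not set"
    # Constant-time comparison so the check does not leak the token via timing
    if not hmac.compare_digest(cookie_token, post.get(FIELD, "")):
        return 403, "CSRF token missing or incorrect"
    return 200, "saved"


def submit(html, cookies, content):
    """Constructed browser: posts the hidden field back only if the page had one."""
    post = {"content": content}
    marker = 'name="%s" value="' % FIELD
    if marker in html:
        post[FIELD] = html.split(marker, 1)[1].split('"', 1)[0]
    return check_post(cookies, post)


def demo():
    cookies = {COOKIE: secrets.token_hex(16)}       # constructed session cookie
    plain = submit(render_form({}), cookies, "hi")  # plain context: no token in the form
    fixed = submit(render_form(request_context(cookies)), cookies, "hi")
    forged = check_post(cookies, {"content": "x", FIELD: secrets.token_hex(16)})
    no_cookie = submit(render_form(request_context(cookies)), {}, "hi")
    return plain, fixed, forged, no_cookie


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `plain` case corresponds to the question's edit_page view: the tag is in the template, but the hidden field is never emitted, so the POST fails the same way a cross-site forgery does.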
