2016-10-05 122 views
0

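Django admin login returns Forbidden 403 CSRF verification failed. Request aborted

Pretty new to Django. Working on my second project after following the polls tutorial on the Django website. The previous effort went well, although it was simple. This time I ran into a problem accessing the admin login.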

I created a superuser, and with those credentials, when I try to log in at http://127.0.0.1:8000/admin/login/?next=/admin/ I get the following error:

Forbidden (403) 
CSRF verification failed. Request aborted. 
Reason given for failure: 
    CSRF cookie not set. 

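Looking at this and this, most of the answers either detail clearing browser cookies (did that), including 'django.middleware.csrf.CsrfViewMiddleware' in your middleware (I have that), or creating an exemption or workaround.

1) My question is why the admin portal does not seem to work now, when it did for my previous project, where I followed the same steps?

2) Shouldn't the properties of the admin panel be inherited through the project startup?

3) If the documentation says the CSRF middleware is activated by default, how would I set up CSRF for admin?

Thanks for any help.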

settings.py

""" 
Django settings for aptly project. 

Generated by 'django-admin startproject' using Django 1.9.7. 

For more information on this file, see 
https://docs.djangoproject.com/en/1.9/topics/settings/ 

For the full list of settings and their values, see 
https://docs.djangoproject.com/en/1.9/ref/settings/ 
""" 

import os 
import dj_database_url 

from .secret_settings import * 

# Build paths inside the project like this: os.path.join(BASE_DIR, ...) 
BASE_DIR = os.path.dirname(os.path.dirname(__file__)) 

PROJECT_ROOT = os.path.abspath(os.path.dirname(__file__)) 
PROJECT_DIR = os.path.join(PROJECT_ROOT,'../search') 


# Quick-start development settings - unsuitable for production 
# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ 

# SECURITY WARNING: don't run with debug turned on in production! 
DEBUG = True 

ALLOWED_HOSTS = [] 



# Application definition 

INSTALLED_APPS = [ 
    'django.contrib.admin', 
    'django.contrib.auth', 
    'django.contrib.contenttypes', 
    'django.contrib.sessions', 
    'django.contrib.messages', 
    'django.contrib.staticfiles', 
    'search', 
] 

MIDDLEWARE_CLASSES = [ 
    'django.middleware.security.SecurityMiddleware', 
    'django.contrib.sessions.middleware.SessionMiddleware', 
    'django.middleware.common.CommonMiddleware', 
    'django.middleware.csrf.CsrfViewMiddleware', 
    'django.contrib.auth.middleware.AuthenticationMiddleware', 
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 
    'django.contrib.messages.middleware.MessageMiddleware', 
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
] 

ROOT_URLCONF = 'aptly.urls' 

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'aptly.wsgi.application' 


# Database 
# https://docs.djangoproject.com/en/1.9/ref/settings/#databases 

DATABASES = {
    'default': {
        "ENGINE": "django.db.backends.postgresql_psycopg2",
        "NAME": "db_name",
        "USER": "me",
        "PASSWORD": "",
        "HOST": "localhost",
        "PORT": "",
    }
}

# Password validation 
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators 

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization 
# https://docs.djangoproject.com/en/1.9/topics/i18n/ 

LANGUAGE_CODE = 'en-us' 

TIME_ZONE = 'UTC' 

USE_I18N = True 

USE_L10N = True 

USE_TZ = True 


# Static files (CSS, JavaScript, Images) 
# https://docs.djangoproject.com/en/1.9/howto/static-files/ 

STATIC_URL = '/static/' 
STATIC_ROOT = os.path.join(BASE_DIR, 'static_root') 

# Extra places for collectstatic to find static files. 
STATICFILES_DIRS = (
    os.path.join(PROJECT_DIR, 'static'), 
) 

# Simplified static file serving. 
# https://warehouse.python.org/project/whitenoise/ 

STATICFILES_STORAGE = 'whitenoise.django.GzipManifestStaticFilesStorage' 

#DATABASES['default'] = dj_database_url.config() 

urls.py

from django.conf.urls import patterns, include, url 
from django.contrib import admin 
from . import views 

urlpatterns = [ 
    url(r'^$', views.index, name='index'), 
    url(r'^admin/', admin.site.urls), 
] 

Directory

project 
-aptly 
--settings.py 
--urls.py 
--wsgi.py 
-search 
--templates 
---index.html 
--models.py 
--urls.py 
--views.py 
manage.py 
+1

Are you using a 'custom html template' for the admin login page? – cutteeth

+0

@cutteeth No. I added urls.py so you can see it here. I have a lot of html templates I'm working on, but none of them should be getting confused with the admin login page. – Jebediah15

+0

Add your views, where you may be calling a template that could be causing the trouble –

Answers

0

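About the setting SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https'): remove this line and see whether that solves your problem. If you enable https, csrf will work only as per the specifications of https. There is a chance that you have https enabled and are serving your site from a non-https server. Also, have you tried after clearing cookies, or in private/incognito mode in another browser? Sometimes this error occurs because the csrf cookie is not set correctly. Try inspecting your request/response headers from the browser console.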

+0

I completely removed 'SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')' from settings.py, but the error is still there. – Jebediah15

+0

Can you post your entire settings.py as well as the structure of your templates directory? Are you running your server with './manage.py runserver'? – cutteeth

+0

Just uploaded the full 'settings.py'. Yes, I am running './manage.py runserver' – Jebediah15
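
The header inspection suggested in the answer above can be turned into a small check. This is an added example, not code from the thread: `diagnose_csrf_cookie` and the sample headers are constructed for illustration, and the cookie name `csrftoken` is assumed to be Django's default.

```python
from http.cookies import SimpleCookie

def diagnose_csrf_cookie(set_cookie_headers, scheme, name="csrftoken"):
    """Classify what a browser does with Django's CSRF cookie.

    set_cookie_headers: Set-Cookie values from the GET of /admin/login/.
    scheme: "http" or "https", how the browser loaded that page.
    Returns (status, explanation).
    """
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name not in jar:
            continue
        morsel = jar[name]
        if not morsel.value:
            return ("empty", "cookie present but carries no token")
        # Browsers never send a Secure cookie over plain http, so the
        # login POST arrives without it and Django answers 403.
        if morsel["secure"] and scheme != "https":
            return ("insecure-transport", "Secure cookie on an http page; "
                    "check CSRF_COOKIE_SECURE and forced-https settings")
        return ("ok", "browser will return the cookie with the POST")
    return ("missing", "response never set the cookie; check the middleware "
            "list and that the login template renders {% csrf_token %}")

# Constructed header sets, not captured from the asker's server.
SAMPLES = {
    "no csrf cookie": ["sessionid=abc123; Path=/; HttpOnly"],
    "secure flag": ["csrftoken=Zk3constructed; Max-Age=31449600; Path=/; Secure"],
    "healthy": ["csrftoken=Zk3constructed; Max-Age=31449600; Path=/"],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        status, why = diagnose_csrf_cookie(headers, "http")
        print(f"{label}: {status} ({why})")
```

Copy the Set-Cookie values from the browser's network tab for the GET of the login page and pass the scheme shown in the address bar.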

0

I don't know why this is the answer, but I went in and updated my Django to the current version. For whatever reason, that solved the problem...

pip install --upgrade django==1.10.2 
0

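The same problem happened to me.

Actually, the problem was that my Django app was not using the dependencies from the virtual environment even though it was activated.

I had Django 1.8 installed on my system and Django 1.11.2 in the virtual environment

So the problem was the Django version

Finally, I solved the problem as follows,

1) Delete/rename the virtualenv and create a new one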

rm -rf venv && virtualenv venv 

2) Activate the virtualenv

On Mac

source ./venv/bin/activate 

On Windows

.\venv\Scripts\activate 

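3) Install the dependencies from the pip-requirements.txt file (if you have one; otherwise you will need to install the dependencies individually)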

pip install -r pip-requirements.txt 

4) After that, I started the development server (python manage.py runserver) and tried to log in. It will work.

Also check "pip freeze does not show all installed packages".
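
The mismatch described in this answer (a system-wide Django being imported while a virtualenv with a different version is active) can be confirmed before rebuilding the environment. This is an added example, not code from the answer; the function names are hypothetical and the paths in the comments are constructed.

```python
import importlib.util
import os
import sys

def active_env_prefix():
    """Return the virtualenv root if one is active for this interpreter, else None."""
    # venv keeps the system root in sys.base_prefix; the older virtualenv
    # tool used sys.real_prefix. Outside an environment both equal sys.prefix.
    base = getattr(sys, "real_prefix", None) or getattr(sys, "base_prefix", sys.prefix)
    if os.path.realpath(base) != os.path.realpath(sys.prefix):
        return sys.prefix
    return None

def classify(origin, env_prefix):
    """Say where a module file lives relative to the active environment."""
    if origin is None:
        return "not-importable"
    if env_prefix is None:
        return "no-venv"
    origin, root = os.path.realpath(origin), os.path.realpath(env_prefix)
    # commonpath compares whole path components, so /srv/app/venv2 is not
    # mistaken for something inside /srv/app/venv.
    inside = os.path.commonpath([origin, root]) == root
    return "venv" if inside else "outside-venv"

def check(package="django"):
    """Resolve the package the way `import` would and classify its location."""
    try:
        spec = importlib.util.find_spec(package)
    except (ImportError, ValueError):
        spec = None
    origin = spec.origin if spec else None
    return origin, classify(origin, active_env_prefix())

if __name__ == "__main__":
    # Run with the same interpreter that runs manage.py.
    origin, verdict = check("django")
    print(verdict, origin)
```

A verdict of `outside-venv` means `import django` resolves to a copy outside the activated environment, which is the situation this answer describes.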
