How to fix the "CSRF token missing or incorrect." error in Django (following the official documentation)
2011-09-27 20:50
How to use it
To enable CSRF protection for your views, follow these steps:

1. Add the middleware 'django.middleware.csrf.CsrfViewMiddleware' to your list of middleware classes, MIDDLEWARE_CLASSES. (It should come before any view middleware that assumes that CSRF attacks have been dealt with.)

   Alternatively, you can use the decorator csrf_protect() on particular views you want to protect (see below).

2. In any template that uses a POST form, use the csrf_token tag inside the <form> element if the form is for an internal URL, e.g.:

       <form action="." method="post">{% csrf_token %}

   This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.

3. In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:

   - Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.

   - Manually import and use the processor to generate the CSRF token and add it to the template context, e.g.:

         from django.core.context_processors import csrf
         from django.shortcuts import render_to_response

         def my_view(request):
             c = {}
             # Add the CSRF token to the context so {% csrf_token %} can render it
             c.update(csrf(request))
             # ... view code here
             return render_to_response("a_template.html", c)

   You may want to write your own render_to_response() wrapper that takes care of this step for you.

The utility script extras/csrf_migration_helper.py can help to automate the finding of code and templates that may need these steps. It contains full help on how to use it.
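An added example, not from the Django documentation or the original post and not the extras/csrf_migration_helper.py script: a small regex-based audit that applies the template rule above, reporting POST forms to internal URLs that lack {% csrf_token %} and POST forms to external URLs that include it. The function name audit_template, the finding labels and the sample template are constructed for illustration.

```python
import re

# Heuristic text scan: handles quoted attribute values only, and treats any
# absolute or scheme-relative action URL as external (an assumption; an
# absolute URL pointing at your own host would need manual review).
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
TOKEN_RE = re.compile(r"{%\s*csrf_token\s*%}")
EXTERNAL_RE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)

# Constructed sample template covering the four cases of interest.
SAMPLE = """
<form action="." method="post">{% csrf_token %}<input name="a"></form>
<form action="/profile/" method="POST"><input name="b"></form>
<form action="https://pay.example.com/charge" method="post">{% csrf_token %}</form>
<form action="/search/" method="get"><input name="q"></form>
"""


def audit_template(source):
    """Return (action, finding) tuples for the POST forms in template text."""
    findings = []
    for attrs_text, body in FORM_RE.findall(source):
        attrs = {m[0].lower(): (m[1] or m[2]) for m in ATTR_RE.findall(attrs_text)}
        if attrs.get("method", "get").lower() != "post":
            continue  # only POST forms need the token
        action = attrs.get("action", "")
        has_token = bool(TOKEN_RE.search(body))
        external = bool(EXTERNAL_RE.match(action))
        if external and has_token:
            # The token would be submitted to a third party.
            findings.append((action, "token-sent-to-external-url"))
        elif not external and not has_token:
            # CsrfViewMiddleware will reject this POST with a 403.
            findings.append((action, "missing-csrf-token"))
    return findings


if __name__ == "__main__":
    for action, finding in audit_template(SAMPLE):
        print(f"{finding}: action={action!r}")
```
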
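Most answers online say that the first two methods are enough to solve the problem, but the third case is still worth paying attention to.
Official documentation: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/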