使用django提交form表单时,提交方式为post,总是提交不成功,报错如下:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses
RequestContext
for the template, instead ofContext
.In the template, there is a
{% csrf_token %}
template tag inside each POST form that targets an internal URL.If you are not using
CsrfViewMiddleware
, then you must usecsrf_protect
on any views that use thecsrf_token
template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False
, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
虽然按照上面所说的方法:
第一种:在表单里加上{% csrf_token %}就行了。
第二种方法是在Settings里的MIDDLEWARE_CLASSES增加配置:
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.csrf.CsrfResponseMiddleware',
都加上了,但是并没有什么用,网上查资料才找到答案,从view到页面时候,我是酱紫的:
from django.shortcuts import * from contact.forms import ContactForm def contact(request): if request.method=='POST': form= ContactForm(request.POST) if form.is_valid(): cd = form.cleaned_data send_mail( cd['subject'], cd['message'], cd.get('email', '[email protected]'), ['[email protected]'], ) return HttpResponseRedirect('/contact/thanks/') else: form=ContactForm() return render_to_response('contact_form.html', {'form': form})
首先request没有post方法,进入else,显示的为contact_form.html页面,此时报错,网上有一种说法,必须要使用RequestContext对象,
return render_to_response('contact_form.html', {'form': form},context_instance=RequestContext(request))
将else中的语句加入RequestContext后,成功!