django中的csrf错误

Question

我想实现我的网站登录.我基本上将Django Book中的以下位复制并粘贴在一起.但是,在提交我的注册表单时,我仍然收到错误(CSRF验证失败.请求中止.).有人可以告诉我是什么引发了这个错误以及如何解决它？

这是我的代码:

views.py:

# Create your views here.
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response

def register(request):
    if request.method == 'POST':
        form = UserCreationForm(request.POST)
        if form.is_valid():
            new_user = form.save()
            return HttpResponseRedirect("/books/")
    else:
        form = UserCreationForm()
    return render_to_response("registration/register.html", {
        'form': form,
    })

register.html:

<html>
<body>

{% block title %}Create an account{% endblock %}

{% block content %}
  <h1>Create an account</h1>

  <form action="" method="post">{% csrf_token %}
      {{ form.as_p }}
      <input type="submit" value="Create the account">
  </form>
{% endblock %}
</body>
</html>

Answer 1

我遇到了同样的问题 - 而Blue Peppers的回答让我走上正轨.在表单视图中添加RequestContext可以解决问题.

from django.template import RequestContext

和:

def register(request):
    if request.method == 'POST':
        form = UserCreationForm(request.POST)
        if form.is_valid():
           new_user = form.save()
           return HttpResponseRedirect("/books/")
    else:
        form = UserCreationForm()
    c = {'form': form}
    return render_to_response("registration/register.html", c, context_instance=RequestContext(request))

这为我修好了.

Answer 2

我正在使用Django 1.2.3,我有一些间歇性的问题:

要做的事:

确保模板中存在csrf标记:

<form action="" method="post">{% csrf_token %}

使用RequestContext:

return render_to_response('search-results.html', {'results' : results}, context_instance=RequestContext(request) )

确保对GET使用RequestContext,如果它们由相同的视图函数处理,并呈现相同的模板.

即:

if request.method == 'GET':
    ...
    return render_to_response('search-results.html', {'results':results}, context_instance=RequestContext(request) )
elif request.method == 'POST':
    ...
    return render_to_response('search-results.html', {'results':results}, context_instance=RequestContext(request))

不:

if request.method == 'GET':
    ...
    return render_to_response('search-results.html', {'results':results})
elif request.method == 'POST':
    ...
    return render_to_response('search-results.html', {'results':results}, context_instance=RequestContext(request))

确保你的settings.py中列出'django.middleware.csrf.CsrfViewMiddleware'

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

Answer 3

假设您使用的是Django 1.2.x,请在之前添加{{form.as_p}}:

{% csrf_token %}

要了解为什么,请查看CSRF文档