我在Django中编写了一个Web应用程序.我需要将一些数据发布到python脚本的表单中.禁用登录时,帖子(r2)可正常工作.我有正确的登录请求(r1),但它现在给我一个404错误的表单帖子(r2).登录似乎没有转移到第二个请求.csrftoken和sessionid被硬编码用于测试,因为它没有识别它们.相关代码(删除了网址):
url_login='../pecasRunLog/accounts/login/'
url_add_run='../pecasRunLog/model/'+region+'/add_run/'
client = requests.session()
client.get(url_login)
csrftoken = client.cookies['csrftoken']
login_data = {'username':user,'password':password, 'csrfmiddlewaretoken':csrftoken, 'next': '/pecasRunLog/'}
r1=client.post(url_login,data=login_data)
payload={'model_region':region_id,'scendir':scendir, 'mapit_scenario': schema, 'run_name':schema+timestamp, 'run_computer_name':os.environ['COMPUTERNAME'], 'run_computer_ip':get_lan_ip(), 'declared_user':declared_user, 'logged_in_user':getpass.getuser(), 'sd_schema':schema, 'sd_database':database, 'sd_host':get_lan_ip(), 'sd_port':pgport,'mapit_schema':schema, 'mapit_database':database, 'mapit_host':get_lan_ip(), 'mapit_port':pgport,'start_date':start_date, 'start_time':start_time, 'end_date':end_date, 'end_time':end_time,'logged_manually':3, 'csrfmiddlewaretoken':csrftoken, 'sessionid':'jtvv50cs3iyo9bjthbr2diujfmrrlsnf'}
r2=requests.post(url_add_run,payload)
无法想出这个.CSRF验证在我的所有Django模板视图中都能正常工作.在这里,我试图使用我在其他帖子中找到的技术从python客户端发布.client.get(url)调用确实提供了令牌(调试器显示,例如:client.cookies ['csrftoken'] ='POqMV69MUPzey0nyLmifBglFDfBGDuo9')但requests.post()失败,错误403,CSRF验证失败.这是怎么回事?
我的Django视图(在方法中有一些虚拟的东西):
class CameraUpload(View):
template_name = "account/templates/upload.html"
def get(self, request):
dummy = VideoForm()
return render(request, self.template_name, {'form': dummy})
def post(self, request):
dummy = VideoForm()
return render(request, self.template_name, {'form': dummy})
并且正在尝试发布帖子的客户:
import requests
url = 'http://127.0.0.1:8000/account/camera_upload/'
client = requests.session()
client.get(url)
csrftoken = client.cookies['csrftoken']
payload = {
'csrfmiddlewaretoken': csrftoken,
'tag': '69'
}
r = requests.post(url, data=payload)
编辑:
尝试按照此链接添加引用,所以代码现在看起来像:
r = requests.post(url, data=payload, headers=dict(Referer=url))
但同样存在问题.
我正在尝试使用requests登录网站,但你可以猜到我遇到了问题
这是我正在使用的代码
import requests
EMAIL = '***'
PASSWORD = '***'
URL = 'https://portal.bitcasa.com/login'
client = requests.session(config={'verbose': sys.stderr})
login_data = {'username': EMAIL, 'password': PASSWORD,}
r = client.post(URL, data=login_data, headers={"Referer": "foo"})
print r
如果我打印出来,r.text我会
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head><script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()])</script>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="robots" content="NONE,NOARCHIVE">
<title>403 Forbidden</title>
<style type="text/css">
html * { padding:0; margin:0; }
body * { padding:10px 20px; }
body * * { padding:0; }
body …我使用以下代码首先登录我的网站以获取有效的 CSRF 令牌,然后我想使用该令牌进行 API 调用,但是,它失败了。请帮我..
import requests
LOGIN_URL = 'http://localhost:8000/admin/login/'
client = requests.session()
# Retrieve the CSRF token first
client.get(LOGIN_URL)
csrftoken = client.cookies['csrftoken']
print('token:'+ csrftoken)
login_data = dict(username='xxxx', password='xxxx', csrfmiddlewaretoken=csrftoken)
r1 = client.post(LOGIN_URL, data=login_data, headers=dict(Referer=LOGIN_URL))
print(r1.status_code, r1.reason)
print('token:'+ csrftoken)
API_URL = 'http://localhost:8000/collection/api/job_submit/'
payload = {'csrfmiddlewaretoken': csrftoken, 'value1': 'val', 'value2': 'val'}
r2 = client.post(API_URL, data=payload, headers={'referer': API_URL, 'X-CSRFToken': csrftoken})
print(r2.status_code, r2.reason)
这是我从服务器得到的:
[24/Oct/2018 21:28:59] "GET /admin/login/ HTTP/1.1" 200 1806
[24/Oct/2018 21:28:59] "POST /admin/login/ HTTP/1.1" 302 0
[24/Oct/2018 21:28:59] "GET /accounts/profile/ HTTP/1.1" …