我无法理解为什么来自第三方网站的帖子被拒绝,即使该网站已添加到CSRF_TRUSTED_ORIGINSsettings.py 中的列表中。在发布说明 csrf 检查失败的帖子后,我收到了 403 错误。我认为添加该站点CSRF_TRUSTED_ORIGINS应该可以使该站点免受 csrf 检查。为了接收来自外部来源的帖子请求,我还应该做些什么吗?我正在运行 django 3.2
CSRF_TRUSTED_ORIGINS = ['site.lv']
请求标头:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,lv;q=0.8,ru;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 899
Content-Type: application/x-www-form-urlencoded
Host: cvcentrs-staging.herokuapp.com
Origin: https://www.site.lv
Pragma: no-cache
Referer: https://www.site.lv/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Microsoft Edge";v="96"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62
我创建了一个 HTML 表,其中列出了 SQLAlchemy 表中的许多行。该表是使用 jinja2 模板通过循环创建的:
{% for single_merchant in merchants %}
<tr>
<td>{{single_merchant.id}}</td>
<td><button type="button" class="btn btn-sm btn-outline-danger">Delete</button>
</tr>
每行都有一个“删除”按钮。我正在尝试弄清楚如何分配删除按钮来删除该特定的 SQLalchemy 行。我尝试将按钮创建为名为的单独烧瓶形式delete_form,并添加一个id="{{single_merchant.id}}属性,button如下所示:
{% for single_merchant in merchants %}
<tr>
<td>{{single_merchant.id}}</td>
<form method="post">
{{ delete_form.hidden_tag() }}
<td>{{ delete_form.delete(id=single_merchant.id) }}</td>
</form>
</tr>
然后在 app.py 中我创建了一个 if 语句:
if delete_form.validate_on_submit():
print(f"merchant to delete ID - {delete_form.delete.id}")
我希望获得single_merchant.id输出并在 if 语句中使用它从我的 SQLAlchemy 表中删除特定商家,但相反,我得到了输出,merchant to delete ID - delete即使从 HTML 文件中该id属性的值为 1,因为 …