CSRF验证失败。更新表单时请求中止

时间:2022-03-26 19:17:16

I have the following template

我有以下模板

{% block content %}
    <form enctype="multipart/form-data" action="" method="post">{% csrf_token %}
    {% for field in form %}
        {{ field.label_tag }} {{ field }}
    {% endfor %}
    <input type="submit" value="Submit">
    </form>
{% endblock %}

Which is build up using this model

这是使用这个模型建立的

class TProfiles(models.Model):
    id = models.IntegerField(primary_key=True)  # AutoField?
    first_name = models.CharField(max_length=45, blank=True)
    surname = models.CharField(max_length=45, blank=True)
    email = models.CharField(max_length=45, blank=True)

class Meta:
    managed = False
    db_table = 'profiles'

class TProfilesForm(ModelForm):
    class Meta:
        model = TProfiles
        fields = ['first_name', 'surname', 'email']

Which get passed to the view

哪个传递给视图

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()

    return render_to_response("register.html", {
        "form": form,
    })

However, I keep getting errors when trying to save the fields. CSRF errors seem to come in many flavours...

但是,在尝试保存字段时,我一直遇到错误。 CSRF错误似乎有很多种...

EDIT - Error message

编辑 - 错误消息

Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's   CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

2 个解决方案

#1

0  

Or Simply Use render instead of render_to_response:

或者只使用render而不是render_to_response:

return render(request,"register.html", {"form": form,})

With import :

带导入:

from django.shortcuts import render

#2

0  

The answer seems to be to add RequestContext(request) to the return statement. So my code looks like:

答案似乎是将RequestContext(request)添加到return语句中。所以我的代码看起来像:

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()


    return render_to_response("register.html", {
        "form": form,
    }, RequestContext(request))

The answer was found here

答案在这里找到

#1

0  

Or Simply Use render instead of render_to_response:

或者只使用render而不是render_to_response:

return render(request,"register.html", {"form": form,})

With import :

带导入:

from django.shortcuts import render

#2

0  

The answer seems to be to add RequestContext(request) to the return statement. So my code looks like:

答案似乎是将RequestContext(request)添加到return语句中。所以我的代码看起来像:

def register(request):
    form = TProfilesForm()

    if request.method == 'POST':
        form = TProfilesForm(request.POST)
        if form.is_valid():
            form.save()


    return render_to_response("register.html", {
        "form": form,
    }, RequestContext(request))

The answer was found here

答案在这里找到

标签:

相关文章