django基本博客CSRF验证失败。请求中止

时间:2022-04-11 06:35:08

I am trying to learn django. I am working on a basic blog, and right now I want to be able to add posts. I would like to do this with a post request and call a method that saves what is in the form into my db. Right now I am having trouble with csrf stuff. I know there are a lot of posts on this but I have looked through many of them and not been able to solve my problem. I have tried adding {% csrf_token %} , but that didn't work. I tried clearing my browser cache/cookies. I added the csrf to my middleware. So if anybody could help me figure this out I would appreciate it. And I have also seen a notation of {% url some something %} but I haven't been able to figure out what it does. I would really appreciate any help

我正在努力学习django。我正在开发一个基本的博客,现在我希望能够添加帖子。我想用post请求执行此操作并调用一个方法将表单中的内容保存到我的数据库中。现在我遇到了csrf问题。我知道这里有很多帖子,但我查看了很多帖子,但未能解决我的问题。我尝试添加{%csrf_token%},但这不起作用。我尝试清除浏览器缓存/ cookie。我将csrf添加到我的中间件中。所以,如果有人能帮助我解决这个问题,我将不胜感激。而且我也看到了{%url some something%}的符号,但我无法弄清楚它的作用。我真的很感激任何帮助

models.py

from django.db import models

class Post(models.Model):
    text = models.TextField(max_length=250)
    time = models.DateTimeField(auto_now_add=True)
    def __unicode__(self):
        return self.text

views.py

from django.http import Http404, HttpResponse
from django.shortcuts import render_to_response, redirect
from blog.models import Post

def home(request):
    try:
        p = Post.objects.all()
    except Post.DoesNotExist:
        raise Http404
    return render_to_response('index.html',
        {'post':p})

def post(request, uID):
    try:
        p = Post.objects.get(pk=uID)
    except:
        raise Http404
    return render_to_response('post.html',
        {'post':p})

def delete(request, uID):
    try:
        p = Post.objects.get(pk=uID).delete()
    except:
        raise Http404
    return render_to_response('delete.html',
        {'post':p})

def new(request):
    return render_to_response('new.html')

def add(request):
    if request.method == 'POST':
        c = {}
        c.update(csrf(request))
        p = Post(text=request.text)
        p.save()
        return render_to_response("index.html", c)
    else:
        raise Http404

urls.py

from django.conf.urls import patterns, include, url


from django.contrib import admin
admin.autodiscover()

urlpatterns = patterns('',
    url(r'^$', 'blog.views.home', name='home'),
    url(r'^(?P<uID>\d+)/$', 'blog.views.post', name='Post Id'),
    url(r'^(?P<uID>\d+)/delete/$', 'blog.views.delete', name='del'),
    url(r'^new/$', 'blog.views.new'),
    url(r'^created/$', 'blog.views.added'),
    # url(r'^myApp/', include('myApp.foo.urls')),

    # Uncomment the admin/doc line below to enable admin documentation:
    # url(r'^admin/doc/', include('django.contrib.admindocs.urls')),


    url(r'^admin/', include(admin.site.urls)),
)

new.html

<html>
    <body>
        <h2> Create a new Post </h2>
        <form method="post" action="">
            {% csrf_token %}
            Body: <input type="textarea" name="text">
            <input type="submit" value="Submit">
        </form>
    </body>
</html>

settings.py

# Django settings for myApp project.

DEBUG = True
TEMPLATE_DEBUG = DEBUG

ADMINS = (
    # ('Your Name', 'your_email@example.com'),
)

MANAGERS = ADMINS

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
        'NAME': 'db.sqlite',                      # Or path to database file if using sqlite3.
        # The following settings are not used with sqlite3:
        'USER': '',
        'PASSWORD': '',
        'HOST': '',                      # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
        'PORT': '',                      # Set to empty string for default.
    }
}

# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
ALLOWED_HOSTS = []

# Local time zone for this installation. Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# In a Windows environment this must be set to your system time zone.
TIME_ZONE = 'America/Chicago'

# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
LANGUAGE_CODE = 'en-us'

SITE_ID = 1

# If you set this to False, Django will make some optimizations so as not
# to load the internationalization machinery.
USE_I18N = True

# If you set this to False, Django will not format dates, numbers and
# calendars according to the current locale.
USE_L10N = True

# If you set this to False, Django will not use timezone-aware datetimes.
USE_TZ = True

# Absolute filesystem path to the directory that will hold user-uploaded files.
# Example: "/var/www/example.com/media/"
MEDIA_ROOT = ''

# URL that handles the media served from MEDIA_ROOT. Make sure to use a
# trailing slash.
# Examples: "http://example.com/media/", "http://media.example.com/"
MEDIA_URL = ''

# Absolute path to the directory static files should be collected to.
# Don't put anything in this directory yourself; store your static files
# in apps' "static/" subdirectories and in STATICFILES_DIRS.
# Example: "/var/www/example.com/static/"
STATIC_ROOT = ''

# URL prefix for static files.
# Example: "http://example.com/static/", "http://static.example.com/"
STATIC_URL = '/static/'

# Additional locations of static files
STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

# Make this unique, and don't share it with anybody.
SECRET_KEY = 'mbc+)59rb8$o_k2epu8bi#!8nv!8j^)r@)b@po+t=!@3xx_at2'

# List of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
#     'django.template.loaders.eggs.Loader',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

ROOT_URLCONF = 'myApp.urls'

# Python dotted path to the WSGI application used by Django's runserver.
WSGI_APPLICATION = 'myApp.wsgi.application'

TEMPLATE_DIRS = (
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'blog',
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
)

# A sample logging configuration. The only tangible logging
# performed by this configuration is to send an email to
# the site admins on every HTTP 500 error when DEBUG=False.
# See http://docs.djangoproject.com/en/dev/topics/logging for
# more details on how to customize your logging configuration.
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'filters': {
        'require_debug_false': {
            '()': 'django.utils.log.RequireDebugFalse'
        }
    },
    'handlers': {
        'mail_admins': {
            'level': 'ERROR',
            'filters': ['require_debug_false'],
            'class': 'django.utils.log.AdminEmailHandler'
        }
    },
    'loggers': {
        'django.request': {
            'handlers': ['mail_admins'],
            'level': 'ERROR',
            'propagate': True,
        },
    }
}

1 个解决方案

#1


1  

You need to add csrf verification to the view as well as the html so it should be

您需要将csrf验证添加到视图以及html中,以便它应该是

def new(request):
    context = {}
    context.update(csrf(request))
    return render_to_response("new.html", context)

#1


1  

You need to add csrf verification to the view as well as the html so it should be

您需要将csrf验证添加到视图以及html中,以便它应该是

def new(request):
    context = {}
    context.update(csrf(request))
    return render_to_response("new.html", context)