I've started new django project and enabled admin app. I can login to admin site but when I'm trying to add/change site or user I'm getting
我已经启动了新的django项目并启用了管理员应用程序。我可以登录管理站点,但是当我尝试添加/更改网站或用户时,我正在获取
CSRF verification failed. Request aborted.
Reason given for failure:
CSRF token missing or incorrect.
That's what I have in settings.py:
这就是我在settings.py中所拥有的:
TEMPLATE_LOADERS = (
'django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader',
)
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
)
When I'm looking at admin page source I see
当我在查看管理页面源代码时,我看到了
<input type='hidden' name='csrfmiddlewaretoken' value='T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I' />
there
I have Django version 1.4.1
我有Django版本1.4.1
2 个解决方案
#1
6
Have you overridden the CSRF_COOKIE_DOMAIN setting? If the CSRF token is present in the form, and you haven't modified the source of the admin app, then the most likely scenario is that the cookie is not being set correctly.
您是否覆盖了CSRF_COOKIE_DOMAIN设置?如果表单中存在CSRF令牌,并且您尚未修改管理应用程序的源,则最可能的情况是未正确设置cookie。
Check the response headers of the login page to make sure that the cookie is being set correctly, and check the request headers of your login attempt to ensure that it is also being sent (and matches the value in the form).
检查登录页面的响应标头以确保正确设置cookie,并检查登录尝试的请求标头以确保它也被发送(并匹配表单中的值)。
#2
0
Locally, I have one project where the CRSF works fine when browsing http://localhost:8040/my-admin/
but fails at http://127.0.0.1:8040/my-admin/
.
在本地,我有一个项目,当浏览http:// localhost:8040 / my-admin /时CRSF工作正常,但在http://127.0.0.1:8040/my-admin/失败。
I'm not sure why but that might help save someone some time.
我不确定为什么,但这可能有助于节省一些时间。
Note: I haven't set the CSRF_COOKIE_DOMAIN
.
注意:我没有设置CSRF_COOKIE_DOMAIN。
#1
6
Have you overridden the CSRF_COOKIE_DOMAIN setting? If the CSRF token is present in the form, and you haven't modified the source of the admin app, then the most likely scenario is that the cookie is not being set correctly.
您是否覆盖了CSRF_COOKIE_DOMAIN设置?如果表单中存在CSRF令牌,并且您尚未修改管理应用程序的源,则最可能的情况是未正确设置cookie。
Check the response headers of the login page to make sure that the cookie is being set correctly, and check the request headers of your login attempt to ensure that it is also being sent (and matches the value in the form).
检查登录页面的响应标头以确保正确设置cookie,并检查登录尝试的请求标头以确保它也被发送(并匹配表单中的值)。
#2
0
Locally, I have one project where the CRSF works fine when browsing http://localhost:8040/my-admin/
but fails at http://127.0.0.1:8040/my-admin/
.
在本地,我有一个项目,当浏览http:// localhost:8040 / my-admin /时CRSF工作正常,但在http://127.0.0.1:8040/my-admin/失败。
I'm not sure why but that might help save someone some time.
我不确定为什么,但这可能有助于节省一些时间。
Note: I haven't set the CSRF_COOKIE_DOMAIN
.
注意:我没有设置CSRF_COOKIE_DOMAIN。