I have two forms on two pages; one leads to the other. When "Submit" is pressed on page 1 it is supposed to take you to the form on page 2. Page 2 fails with "CSRF verification failed. Request aborted.", with the reason being "CSRF cookie not set."
The weird part is that if I go directly to Page 2, it loads fine. If I refresh the page and resubmit the form, I get 403'd again, but if, for example, I go into the address bar and just hit "Enter" to re-visit the page, it loads without the error. What gives?
I am using the most recent version of Django, I am using render in all my views and {% csrf_token %} in all my form tags.
Why would revisiting the page be fixing the 403 error? No login or authentication is happening between the forms. In fact, I don't even do anything with the data submitted in page 1 (yet).
Relevant code is as follows:
Page 1 Template:
<div class="">
    <div class="">
        <h1>Page 1</h1>
        <p>What's up?</p>
        <form action="{% url 'core:getPageTwo' %}" method="post">
            {% csrf_token %}
            {{ form }}
            <input class="yellow_button" type="submit" value="Submit">
        </form>
    </div>
</div>
Page 2 View:
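from django.shortcuts import render

# SomeForm is the poster's form class, defined elsewhere in the project (not shown).
def getPageTwo(request):
    # Renders the page 2 form; the data POSTed from page 1 is not read yet.
    form = SomeForm()
    context = {'form': form}
    return render(request, 'core/page_two.html', context)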
Page 2 Template:
<div class="">
    <div class="">
        <h1>Page 2</h1>
        <form action="#" method="post">
            {% csrf_token %}
            {{ form }}
        </form>
    </div>
</div>
2 Solutions
#1
0
Found it. My HTTPS was messing up. So the fact that I had CSRF_COOKIE_SECURE = TRUE was messing up all attempts to send a cookie.
#2
0
In addition to your answer @thrillhouse:
CSRF_COOKIE_SECURE=True makes the csrf token only work with ssl, like the docs also say:
Whether to use a secure cookie for the CSRF cookie. If this is set to True, the cookie will be marked as “secure,” which means browsers may ensure that the cookie is only sent with an HTTPS connection.
So when you switch back to HTTPS connection, you should turn the value back to True.
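Why a cookie marked Secure leads to "CSRF cookie not set" on a plain-HTTP site, shown with Python's standard-library cookie jar standing in for the browser. This is an added example, not code from the question or the answers; the host app.example.test, the URLs, the token value and the helper names are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed Set-Cookie values, shaped like Django's CSRF cookie.
SECURE_COOKIE = "csrftoken=constructed-token; Path=/; SameSite=Lax; Secure"
PLAIN_COOKIE = "csrftoken=constructed-token; Path=/; SameSite=Lax"


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_on_post(set_cookie, page_url, post_url):
    """Return the Cookie header sent on a POST to post_url after the client
    received set_cookie from page_url, or None when nothing is sent."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), Request(page_url))
    post = Request(post_url, data=b"", method="POST")
    # The jar withholds Secure cookies from any request that is not HTTPS.
    jar.add_cookie_header(post)
    return post.get_header("Cookie")


if __name__ == "__main__":
    cases = [
        ("Secure cookie, http", SECURE_COOKIE, "http"),
        ("Secure cookie, https", SECURE_COOKIE, "https"),
        ("plain cookie, http", PLAIN_COOKIE, "http"),
    ]
    for label, cookie, scheme in cases:
        base = f"{scheme}://app.example.test"  # hypothetical host
        sent = cookie_sent_on_post(cookie, base + "/page-one/", base + "/page-two/")
        # None is the condition Django reports as "CSRF cookie not set."
        print(f"{label:22} -> Cookie: {sent}")
```

With CSRF_COOKIE_SECURE = True the first case is what a site served over plain HTTP gets: the POST arrives with no csrftoken cookie and Django's CSRF check rejects it with a 403.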