Forbidden (403) CSRF verification failed. Request aborted.

Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for ‘same-origin‘ requests.
Help
Reason given for failure:
CSRF cookie not set.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django‘s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template‘s render method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You‘re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

被折腾很久,最终解决是参考http://blog.csdn.net/middlekingt/article/details/8593031 里面添加了装饰器好了。

但是问题依旧,后来又看到另外一种方式在这个网站上:
o manually exclude a view function from being handled by either of the two CSRFmiddleware, you can use the csrf_exempt decorator, found in thedjango.views.decorators.csrf module. For example:
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def my_view(request):
    return HttpResponse(‘Hello world‘)
Like the middleware, the csrf_exempt decorator is composed of two parts: acsrf_view_exempt decorator and a csrf_response_exempt decorator, foundin the same module. These disable the view protection mechanism(CsrfViewMiddleware) and the response post-processing(CsrfResponseMiddleware) respectively. They can be used individually ifrequired.
终于把这个问题解决了。

其实我是绕开了这个问题,因为django之所以引进CSRF是为了避免Cross Site Request Forgeries攻击,而上面的解决方法恰好禁止掉这个django的功能。所以日后还得仔细研究下,在不禁掉这个功能的前提下成功的提交表单。
时间: 2024-10-11 01:01:07

Forbidden (403) CSRF verification failed. Request aborted.的相关文章

Djang——CSRF verification failed. Request aborted

Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been use

Django1.8:403错误:CSRF verification failed. Request aborted.

问题:Django 403错误:CSRF verification failed. Request aborted. 原因:需要加cookie验证 解决方法: 1.在view.py中增加 from django.template import Template, Context, RequestContext def newproject(request): …… return render_to_response('newproject.html', locals(),context_inst

Django提交POST表单“CSRF verification failed. Request aborted”问题的解决

1.环境 python 3.4 Django 1.7 Visual Studio 2015 PTVS 2.问题 提交表单,出现以下错误: CSRF verification failed. Request aborted. 3.解决 查看settings.py, 有 'django.middleware.csrf.CsrfViewMiddleware' 一句: 1 MIDDLEWARE_CLASSES = ( 2 'django.contrib.sessions.middleware.Sessi

Django 403错误:CSRF verification failed. Request aborted

网上有解决办法,我自己的组合是: 一,FORM加标识 <form action="" method="post"> {% csrf_token %} 类型:<select name="salt_class"> 二,VIEW导入Redirect from django.http import HttpResponsefrom django.http import HttpResponseRedirectfrom django

Django POST常见的错误:CSRF verification failed. Request aborted.

直接用代码说明吧. 在Post模板页面加入{%csrf_token%} <html> <body> {{result}} <form action="{%url 'login'%}" method="post"> {% csrf_token %} name:<input type="text" id="username" name="username" value=

CSRF verification failed. Request aborted. 解决方法

按着网上教程部署一个blog 项目,写到登录界面,怎么登录都是显示 试了好多方法,最后发现,在view.py 的render_to_response后加上 context_instance = RequestContext(request),此时没有引用RequestContext,需要加载包名from django.template import RequestContext 最后还需要在index.html 里面加上 {% csrf_token %} 之后再试 终于成功了,作为一个小白,这里

Django 表单 POST CSRF verification failed. Request aborted.错误

这里有答案 http://www.qttc.net/201209211.html 总结就是 1.在模板中要提交的form中加入{% csrf_token %} <form method="post"> {% csrf_token %} {{form.as_p}} <input type="submit" name="ok"> </form> 2.把views中的 render_to_response('h1.h

CSRF verification failed. Request aborted.

解决办法: 将settings.py中的红色这一行注释 MIDDLEWARE_CLASSES = ( 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', #'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddle

Django POST CSRF verification failed. Request abor

环境 Window 7 Python2.7 Django1.4.1 sqlite3 问题 在使用Django搭建好测试环境后,写了一个提交POST表单提交留言的测试页面. 如图: 填写表单,点击“提交留言”按钮提交到服务器,却出现 Forbidden (403) CSRF verification failed. Request aborted. 由于之前使用GET方式提交表单内容测试均正常,就以为这个问题估计是配置问题没细看后边的帮助提示直接在网上搜索解决方案. 一搜索发现相关网页很多,看来大