3

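I am building this wiki post and I am getting an error when trying to save data. I am currently using django 1.4.3, and the tutorial I am using is quite old. So I don't think CSRF was included in the older versions.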

Forbidden (403)

CSRF verification failed. Request aborted.
Help

Reason given for failure:

    CSRF token missing or incorrect
     In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

 Your browser is accepting cookies.
 The view function uses RequestContext for the template, instead of Context.
 In the template, there is a {% csrf_token %} template tag inside each POST form that   targets an internal URL.
 If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

I think the problem is in my template, but I will list my views.py anyway.

My views:

    from wiki.models import Page
    from django.shortcuts import render_to_response
    from django.http import HttpResponseRedirect

    def view_page(request, page_name):
        # Show the page, or offer to create it when it does not exist yet.
        try:
            page = Page.objects.get(pk=page_name)
        except Page.DoesNotExist:
            return render_to_response("create.html", {"page_name": page_name})
        content = page.content
        return render_to_response("view.html", {"page_name": page_name, "content": content})

    def edit_page(request, page_name):
        # Render the edit form, pre-filled when the page already exists.
        try:
            page = Page.objects.get(pk=page_name)
            content = page.content
        except Page.DoesNotExist:
            content = ""
        return render_to_response("edit.html", {"page_name": page_name, "content": content})

    def save_page(request, page_name):
        content = request.POST.get('content', 'this is the default')
        try:
            page = Page.objects.get(pk=page_name)
            page.content = content
        except Page.DoesNotExist:
            page = Page(name=page_name, content=content)
        # Save and redirect on both paths (existing page and newly created page).
        page.save()
        return HttpResponseRedirect("/wikicamp/" + page_name + "/")

My create.html

    <html>
    <head>
        <title>{{page_name}} - Create</title>
    </head>
    <body>
        <h1>{{page_name}}</h1>
        This page does not exist. <a href="/wikicamp/{{page_name}}/edit/">Create?</a>
    </body>
    </html>

My edit.html. I added {% csrf_token %} inside it, but it seems to fail.

    <html>
    <head>
        <title>{{page_name}} - Editing</title>
    </head>
    <body>
        <h1>Editing {{page_name}}</h1>
        <form method="post" action="/wikicamp/{{page_name}}/save/"> {% csrf_token %}
            <textarea name="content" rows="20" cols="60">{{content}}</textarea><br/>
            <input type="submit" value="Save Page"/>
        </form>
    </body>
    </html>

My views.py template

    <html>
    <head>
        <title>{{page_name}}</title>
    </head>
    <body>
        <h1>{{page_name}}</h1>
        {{content}}
        <hr/>
        <a href="/wikicamp/{{page_name}}/edit/">Edit this page ?</a>
    </body>
    </html>

My URL conf:

  from django.conf.urls import patterns, include, url
  from django.contrib import admin
  from django.conf import settings

  admin.autodiscover()
  urlpatterns = patterns('',

      url(r'^admin/', include(admin.site.urls)),
      url(r'^wikicamp/(?P<page_name>[^/]+)/edit/$','wiki.views.edit_page'),
      url(r'^wikicamp/(?P<page_name>[^/]+)/save/$','wiki.views.save_page'),
      url(r'^wikicamp/(?P<page_name>[^/]+)/$','wiki.views.view_page'),

  )

How can I fix this?

4

2 Answers

2

    from django.template import RequestContext

    return render_to_response('contact_form.html', {'errors': errors}, context_instance=RequestContext(request))

If the form is for an internal URL, you can also use the csrf_token tag inside the <form> element, e.g.:

    <form action="" method="post">{% csrf_token %}

Reference

Answered 2013-10-31T20:08:31.483
1

Add context_instance=RequestContext(request) to every view in which you will use the form: it seems you are not passing the context processors

    from wiki.models import Page
    from django.shortcuts import render_to_response
    from django.http import HttpResponseRedirect
    from django.template import RequestContext  # needed for context_instance below

    def view_page(request, page_name):
        try:
            page = Page.objects.get(pk=page_name)
        except Page.DoesNotExist:
            return render_to_response("create.html", {"page_name": page_name})
        content = page.content
        return render_to_response("view.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

    def edit_page(request, page_name):
        try:
            page = Page.objects.get(pk=page_name)
            content = page.content
        except Page.DoesNotExist:
            content = ""
        # RequestContext runs the context processors, so {% csrf_token %} gets a value.
        return render_to_response("edit.html", {"page_name": page_name, "content": content}, context_instance=RequestContext(request))

    def save_page(request, page_name):
        content = request.POST.get('content', 'this is the default')
        try:
            page = Page.objects.get(pk=page_name)
            page.content = content
        except Page.DoesNotExist:
            page = Page(name=page_name, content=content)
        # Save and redirect on both paths (existing page and newly created page).
        page.save()
        return HttpResponseRedirect("/wikicamp/" + page_name + "/")

Try this.

If you still have problems, please post urls.py as well

Answered 2013-02-23T12:03:32.967
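The check behind this 403, as an added standard-library example (a simplified model, not code from the question, the answers, or Django itself): it shows why a form rendered without the token in its context is rejected while the same form rendered with it passes. The function names are hypothetical, and the model assumes the `csrftoken` cookie is already set in the browser.

```python
import hmac
import re
import secrets

REASON_NO_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect"

def render_edit_form(context):
    """Model of edit.html: the csrf_token tag emits the hidden input only when
    the context carries a token (RequestContext supplies it, plain Context does not)."""
    token = context.get("csrf_token")
    hidden = ""
    if token:
        hidden = '<input type="hidden" name="csrfmiddlewaretoken" value="%s"/>' % token
    return '<form method="post">%s<textarea name="content"></textarea></form>' % hidden

def browser_submit(form_html, content):
    """Model of the browser: post back exactly the fields the form contained."""
    post = {"content": content}
    match = re.search(r'name="csrfmiddlewaretoken" value="([^"]*)"', form_html)
    if match:
        post["csrfmiddlewaretoken"] = match.group(1)
    return post

def csrf_check(cookies, post):
    """Model of the middleware check: the posted token must equal the cookie token."""
    cookie_token = cookies.get("csrftoken")
    if not cookie_token:
        return 403, REASON_NO_COOKIE
    sent = post.get("csrfmiddlewaretoken", "")
    # Constant-time comparison, so timing does not leak how much of a guess matched.
    if not hmac.compare_digest(cookie_token.encode(), sent.encode()):
        return 403, REASON_BAD_TOKEN
    return 200, "ok"

def demo():
    token = secrets.token_hex(16)  # constructed sample token
    cookies = {"csrftoken": token}
    plain = render_edit_form({"page_name": "Home"})  # view without RequestContext
    with_rc = render_edit_form({"page_name": "Home", "csrf_token": token})
    other_site = {"content": "x", "csrfmiddlewaretoken": secrets.token_hex(16)}
    return {
        "plain_context": csrf_check(cookies, browser_submit(plain, "hi")),
        "request_context": csrf_check(cookies, browser_submit(with_rc, "hi")),
        "cross_site_guess": csrf_check(cookies, other_site),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The `plain_context` case reproduces the failure in the question: the template contains the tag, but the rendered form has no hidden field, so the POST arrives without a token.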