0

我有一个简单的应用程序,允许您将图像上传到服务器上,它设置在我的生产服务器上,由 django + uwsgi + ngnix 组成。现在的问题是模板中没有出现 csrf 令牌,当我尝试上传图片时,它会显示此错误

Forbidden (403)

CSRF verification failed. Request aborted.
Reason given for failure:
CSRF token missing or incorrect.

我清楚地理解这个错误。{% csrf_token %}位于模板内,并且 csrf 在MIDDLEWARE_CLASSES. 我还在开发服务器上测试了我的应用程序,它工作正常。什么可能导致{% csrf_token %}我的生产服务器上的模板中没有出现。

我可以看到表格,但是当我查看源代码时,没有 csrf 令牌。

设置

DEBUG = True
TEMPLATE_DEBUG = DEBUG

ADMINS = (
    # ('Your Name', 'your_email@example.com'),
)

MANAGERS = ADMINS

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3', # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
        'NAME': '/home/projects/mysite/d.db',                      # Or path to database file if using sqlite3.
        # The following settings are not used with sqlite3:
        'USER': '',
        'PASSWORD': '',
        'HOST': '',                      # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
        'PORT': '',                      # Set to empty string for default.
    }
}


ALLOWED_HOSTS = []


TIME_ZONE = 'America/Chicago'

LANGUAGE_CODE = 'en-us'

SITE_ID = 1


U    SE_I18N = True


USE_L10N = True

USE_TZ = True

MEDIA_ROOT = '/home/projects/mysite/media/'


MEDIA_URL = '/media/'


STATIC_ROOT = ''

STATIC_URL = '/static/'

# Additional locations of static files
STATICFILES_DIRS = (
    # Put strings here, like "/home/html/static" or "C:/www/django/static".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

# List of finder classes that know how to find static files in
# various locations.
STATICFILES_FINDERS = (
    'django.contrib.staticfiles.finders.FileSystemFinder',
    'django.contrib.staticfiles.finders.AppDirectoriesFinder',
#    'django.contrib.staticfiles.finders.DefaultStorageFinder',
)

ist of callables that know how to import templates from various sources.
TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
#         'django.template.loaders.eggs.Loader',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

ROOT_URLCONF = 'mysite.urls'


# Python dotted path to the WSGI application used by Django's runserver.
WSGI_APPLICATION = 'mysite.wsgi.application'

TEMPLATE_DIRS = (
    # Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
    # Always use forward slashes, even on Windows.
    # Don't forget to use absolute paths, not relative paths.
)

意见

def upload(request):
    form = ImageForm()
    if request.POST:
        form = ImageForm(request.POST, request.FILES)

        image = request.FILES.get('image')
        CarPhoto.objects.create(user=request.user,cars=1,description='dwq',image=image)
    return render(request,'image.html',{'form':form})

模板

<form method="POST" enctype="multipart/form-data">

{% csrf_token %}
<div id="c">image</div> {{form.image}}
dwqdwqdwq
        <input type = "submit" value= "add" id="box2"/>
</form>{% csrf_token %}

查看源代码

 <form method="POST" enctype="multipart/form-data"><div id="c">image</div><input    id="id_image" name="image" type="file" /> dwqdwqdwq <input type="submit" value="add" id="box2"/></form>
4

1 回答 1

3

您的视图缺少令牌,因为您没有设置它。

更改此行

return render(request,'image.html',{'form':form})

context = {'form':form,}
context.update(csrf(request))
return render(request,'image.html', context)

或者

from django.core.context_processors import csrf
from django.shortcuts import render_to_response

return render_to_response('image.html', context, context_instance=RequestContext(request))

您可以根据自己的口味使用其中任何一种,此外,您必须{% csrf_token %}在模板中使用。外面的那个<form>是多余的。

阅读文档很好!

于 2013-06-26T10:56:41.740 回答