django 1.3 错误:CSRF token missing or incorrect
The CSRF middleware and template tag provides easy-to-use protection against Cross Site Request Forgeries. 也就是跨站请求伪造,django 1.3 默认配置了’django.middleware.csrf.CsrfViewMiddleware’,所以已经启用这个了……
MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', )
如果不想要的话,删了’django.middleware.csrf.CsrfViewMiddleware’就行了【就是不知道会不会在以后导致其它django自带模块出问题】。
不过这个可是好东西,还是留着吧!然后怎么用呢?只需要在每个form标签里面加上{% csrf_token %}即可:
<form action="." method="post">{% csrf_token %}
当然,仅仅这个还不够,还需要:
from django.core.context_processors import csrf from django.shortcuts import render_to_response def my_view(request): c = {} c.update(csrf(request)) # ... view code here return render_to_response("a_template.html", c)
这样就行了。。。
不过……每个函数都要这么写,太麻烦了。所以……You may want to write your own render_to_response() wrapper that takes care of this step for you.
OR use RequestContext:
参考:https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf
转载请注明: 转载自http://jyd.me/
- djangobook2 第7章的一个练习:template
- [转载]每次打开office 2010都出现配置进度框