我正在尝试设置一个原始的HTML表单,用户可以在其中提出建议,然后使用Post方法将其保存在数据库中,但是即使在关注之后,我也会继续获得Forbidden (403) CSRF verification failed. Request aborted.帮助部分中的步骤
我发现,如果我在这样的视图上添加csrf_exempt,我不会遇到错误:
from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def suggest_ptags(request):
context = {}
print("Form is submitted.")
return render(request, "partials/search_form.html", context)
,但我知道它完全消除了CSRF保护,我不想要。
那我该怎么办?
这是我的search_form.html在模板中的部分文件夹中的形式:
<!-- Suggestion Form in popup -->
<div class="prop-modal">
<div class="prop-content">
<a class="btn-close-prop">×</a>
<img src="{% static 'images/pyramids.svg' %}">
<form action="/suggest_ptags/" class="feedback-form" method="POST" enctype="text/plain">
{% csrf_token %}
<h5 class="title-prop">Suggestion</h5>
<input class="input-prop" name="suggest" rows="3" cols="37" placeholder="suggest something..."></input>
<input class="button-prop" type="submit" value="Envoyez"></input>
</form>
</div>
</div>
我当前的Views.py:
from django.views.decorators.csrf import ensure_csrf_cookie
@ensure_csrf_cookie
def suggest_ptags(request):
context = {}
print("Form is submitted.")
return render(request, "partials/search_form.html", context)
和我的URL:
from django.conf.urls import url
from django.contrib import admin
from search.views import HomeView, ProductView, FacetedSearchView, autocomplete, suggest_ptags
from .settings import MEDIA_ROOT, MEDIA_URL
from django.conf.urls.static import static
urlpatterns = [
url(r'^$', HomeView.as_view(), name='home'),
url(r'^admin/', admin.site.urls),
url(r'^suggest_ptags/$', suggest_ptags, name='suggest_ptags'), #Suggestions
url(r'^product/(?P<slug>[w-]+)/$', ProductView.as_view(), name='product'),
url(r'^search/autocomplete/$', autocomplete),
url(r'^search/', FacetedSearchView.as_view(), name='haystack_search'),
] + static(MEDIA_URL, document_root=MEDIA_ROOT)
有什么解决方案?
您不应使用enctype="text/plain"。您可以将其删除(与enctype="multipart/form-data"相同(,或者在上传文件时使用enctype="multipart/form-data"。