花了两天时间在谷歌、stackoverflow和docs.djangoproject.com上搜索CSRF问题的解决方案。
免责声明,我是Django的初学者,并遵循《Django-web开发的权威指南》一书 嗯,显然我做错了什么:-(
看看下面的一个这样的尝试,看看你是否可以指出任何错误,因为我已经尝试了关于stackoverflow的所有建议,但还没有成功:
view.py:
from django.shortcuts import render_to_response
from django.template import RequestContext
def add_vehicle(request):
return render_to_response('vehicle.html', RequestContext(request, {}))
vehicle.html:
{% extends "base.html" %}
{% block title %}Vehicle Registration{% endblock %}
{% block content %}
<html>
<head>
</head>
<body>
<form action="/vehicle/" method="post"> {% csrf_token %}
<table width=100%>
<tr>
<td>Reg #:</td>
<td><input type="text" name="regnumber"></td>
<td></td>
</tr>
<tr>
<td>Model:</td>
<td><input type="text" name="model"></td>
<td></td>
</tr>
<tr>
<td>Manufacturer:</td>
<td><input type="text" name="manufacturer"></td>
<td></td>
</tr>
<tr>
<td>Year:</td>
<td><input type="text" name="year"></td>
<td></td>
</tr>
<tr>
<td>Chassis #:</td>
<td><input type="text" name="chasisnumber"></td>
<td></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Submit">
<input type="submit" value="Clear">
</td>
<td></td>
</tr>
</table>
</form>
</body>
</html>
{% endblock %}
我希望这对stackoverflow来说不是太多的代码
现在,我不断得到CSRF令牌丢失或不正确。
请协助。
编辑(添加错误详细信息)
settings.py看起来是这样的:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
以下是当我打开vehicle.html页面时控制台显示的内容:
warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.")
render_to_response的签名是render_to_response(template_name[, dictionary][, context_instance][, mimetype]),所以您应该像下面这样调用它以确保csrf令牌被放入上下文中吗?
return render_to_response('vehicle.html', {}, context_instance= RequestContext(request))`
您应该查看此文档https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
您可能缺少中间软件