CSRF Token missing or incorrect

问题:

Beginner at Django here, I've been trying to fix this for a long time now. I do have 'django.middleware.csrf.CsrfViewMiddleware' in my middleware classes and I do have the token in my post form.

Heres my code, what am I doing wrong?

from django.contrib.auth.forms import UserCreationForm from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from chartsey.authentication.forms import RegistrationForm from django.template import RequestContext from django.core.context_processors import csrf  def register(request):      if request.method == 'POST':         c = RequestContext(request.POST, {})         form = RegistrationForm(c)         if form.is_valid():             new_user = form.save()             return HttpResponseRedirect("/")     else:         form = RegistrationForm()      return render_to_response("register.html",  {'form': form,  }, ) 

Here's my Template:

{% block content %}      
Register
     
 {% csrf_token %}         {{ form.as_p }}     
  {% endblock %} 

回答1:

My guess is that you have the tag in the template but it's not rendering anything (or did you mean you confirmed in the actual HTML that a CSRF token is being generated?)

Either use RequestContext instead of a dictionary

render_to_response("foo.html", RequestContext(request, {})) 

Or make sure you have django.core.context_processors.csrf in your CONTEXT_PROCESSORS setting.

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

Or add the token to your context manually

回答2:

Just add this to your views

return render_to_response("register.html", {'form': form, }, context_instance = RequestContext(request))

It will work!!

回答3:

Try using render instead of render_to_response:

from django.shortcuts import render  render(request, "foo.html", {}) 

Django - what is the difference between render(), render_to_response() and direct_to_template()?

As stated in the link above it was introduced in Django 1.3 and automatically uses RequestContext

回答4:

If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

回答5:

The addition of RequestContext is the key when using render_to_response as mentioned by @Yuji 'Tomita' Tomita and @Njogu Mbau. However, what initially threw me off when I was struggling with this problem was that I had to add RequestContext to both the function in views.py that initially loads the template and to the function in views.py that handles the submission from the template.

Also, just for reference, here are some other links that discuss this same problem

• Django - CSRF token missing or incorrect
• Django 403 CSRF token missing or incorrect
• Django --CSRF token missing or incorrect
• Django CSRF Cookie Not Set *

回答6:

Also got this error randomly on some pages after I installed django-livereload-server. Uninstalling django-livereload-server did the trick.

回答7:

What worked for me was commenting out the below line from my settings.py

'django.middleware.csrf.CsrfViewMiddleware'

文章来源: CSRF Token missing or incorrect