Django CSRF Cookie Not Set

Anonymous (unverified), submitted on 2019-12-03 02:11:02

Question:

I have had a problem for a while now: I'm experiencing "CSRF Cookie not set". Please look at the code below.

Python

def deposit(request,account_num):
    if request.method == 'POST':
        account = get_object_or_404(account_info,acct_number=account_num)
        form_=AccountForm(request.POST or None, instance=account)
        form = BalanceForm(request.POST)
        info = str(account_info.objects.filter(acct_number=account_num))
        inf=info.split()
        if form.is_valid():
            #cd=form.cleaned_data
            now = datetime.datetime.now()
            cmodel = form.save()
            cmodel.acct_number=account_num
            #RepresentsInt(cmodel.acct_number)
            cmodel.bal_change="%0.2f" % float(cmodel.bal_change)
            cmodel.total_balance="%0.2f" %(float(inf[1]) + float(cmodel.bal_change))
            account.balance="%0.2f" % float(cmodel.total_balance)
            cmodel.total_balance="%0.2f" % float(cmodel.total_balance)
            #cmodel.bal_change=cmodel.bal_change
            cmodel.issued=now.strftime("%m/%d/%y %I:%M:%S %p")
            account.recent_change=cmodel.issued
            cmodel.save()
            account.save()
            return HttpResponseRedirect("/history/" + account_num + "/")
        else:
            return render_to_response('history.html',
                                      {'account_form': form},
                                      context_instance=RequestContext(request))

Here is the code in the HTML:

HTML

<form action="/deposit/{{ account_num }}/" method="post">
  <table>
    <tr>
      {{ account_form.bal_change }}
      &nbsp;
      <input type="submit" value="Deposit" />
    </tr>
    {% csrf_token %}
  </table>
</form>

I'm stuck. I already cleared the cookie and used another browser, but I still get "CSRF cookie not set".

Answer 1:

This can also occur if CSRF_COOKIE_SECURE = True is set and you are accessing the site non-securely.
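
The failure mode described in the answer above, reproduced with the standard library's cookie jar as an added example (not part of the original answer). The host, URL path and token value are constructed, and the Secure attribute stands in for what CSRF_COOKIE_SECURE = True puts on the csrftoken cookie.

```python
import email
import urllib.request
from http.cookiejar import CookieJar


class FakeResponse:
    """Minimal response object: CookieJar only calls info() to get the headers."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string("Set-Cookie: %s\n\n" % set_cookie)

    def info(self):
        return self._headers


def cookie_header_on_next_request(set_cookie, first_url, next_url):
    """Receive set_cookie in a response to first_url, then return the Cookie
    header a client attaches to a request for next_url (None if none is sent)."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(first_url))
    follow_up = urllib.request.Request(next_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


# Constructed sample values (assumptions, not taken from the page).
SECURE_COOKIE = "csrftoken=constructedtoken; Path=/; Secure"  # CSRF_COOKIE_SECURE = True
PLAIN_COOKIE = "csrftoken=constructedtoken; Path=/"           # CSRF_COOKIE_SECURE = False
HTTP_URL = "http://bank.example.test/deposit/1/"
HTTPS_URL = "https://bank.example.test/deposit/1/"

if __name__ == "__main__":
    cases = [
        ("Secure cookie, site used over http", SECURE_COOKIE, HTTP_URL),
        ("Secure cookie, site used over https", SECURE_COOKIE, HTTPS_URL),
        ("Plain cookie, site used over http", PLAIN_COOKIE, HTTP_URL),
    ]
    for label, cookie, url in cases:
        sent = cookie_header_on_next_request(cookie, url, url)
        print("%-38s -> Cookie header: %s" % (label, sent))
```

When the POST arrives without the csrftoken cookie, the server has nothing to compare the submitted token against, which is the "CSRF cookie not set" rejection; serving the site over HTTPS is the fix that keeps the Secure attribute.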



Answer 2:

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt

# csrf_exempt disables CSRF validation for this view
@csrf_exempt
def your_view(request):
    if request.method == "POST":
        # do something
        pass
    return HttpResponse("Your response")


Answer 3:

If you're using the HTML5 Fetch API to make POST requests as a logged-in user and getting Forbidden (CSRF cookie not set.), it could be because by default fetch does not include session cookies, resulting in Django thinking you're a different user than the one who loaded the page.

You can include the session token by passing the option credentials: 'include' to fetch:

// getCookie is a helper, not shown in this answer, that returns the value of the named cookie
var csrftoken = getCookie('csrftoken');
var headers = new Headers();
headers.append('X-CSRFToken', csrftoken);
fetch('/api/upload', {
    method: 'POST',
    body: payload,
    headers: headers,
    credentials: 'include'
})


Answer 4:

From this: you can solve it by adding the ensure_csrf_cookie decorator to your view:

from django.views.decorators.csrf import ensure_csrf_cookie

@ensure_csrf_cookie
def yourView(request):
    #...

If this method doesn't work, try commenting out csrf in the middleware and test again.



Answer 5:

This problem arose again recently due to a bug in Python itself.

http://bugs.python.org/issue22931

https://code.djangoproject.com/ticket/24280

Among the versions affected were 2.7.8 and 2.7.9. The cookie was not read correctly if one of the values contained a [ character.

Updating Python (2.7.10) fixes the problem.
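
A self-check for the parsing problem described in the answer above, as an added example (not part of the original answer): it reports which cookie names the running interpreter's standard-library cookie parser loses from a header. The header and its cookie values are constructed.

```python
try:
    from http.cookies import SimpleCookie, CookieError  # Python 3
except ImportError:
    from Cookie import SimpleCookie, CookieError         # Python 2.7


def dropped_cookies(cookie_header):
    """Return the cookie names that appear in the raw Cookie header but are
    missing after parsing, in header order."""
    expected = [part.split("=", 1)[0].strip()
                for part in cookie_header.split(";") if "=" in part]
    parsed = SimpleCookie()
    try:
        parsed.load(cookie_header)
    except CookieError:
        pass  # keep whatever was parsed before the error
    return [name for name in expected if name not in parsed]


# Constructed header: an unrelated cookie whose value contains "[" is sent
# alongside csrftoken, which is the case the answer describes.
SAMPLE_HEADER = "prefs=[1,2]; csrftoken=constructedtoken; sessionid=constructedsession"

if __name__ == "__main__":
    missing = dropped_cookies(SAMPLE_HEADER)
    print("dropped: %s" % (", ".join(missing) or "none"))
```

An empty result means every cookie in the header survived parsing; csrftoken in the result means the server-side CSRF check will never see the cookie the browser sent.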



Answer 6:

I was using Django 1.10 before, so I was facing this problem. Now I have downgraded to Django 1.9 and it is working fine.



Answer 7:

Try to check if you have these installed in settings.py:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
)

In the template the data are formatted with the csrf_token:

<form>{% csrf_token %} </form> 


Answer 8:

The problem seems to be that you are not handling GET requests appropriately, or are directly posting the data without first getting the form.

When you first access the page, the client will send a GET request; in that case you should send HTML with the appropriate form.

Later, the user fills in the form and sends a POST request with the form data.

Your view should be:

def deposit(request, account_num):
    # look up the account as in the question's code
    account = get_object_or_404(account_info, acct_number=account_num)
    if request.method == 'POST':
        form = AccountForm(request.POST or None, instance=account)
        if form.is_valid():
            # handle form data
            return HttpResponseRedirect("/history/" + account_num + "/")
        else:
            # handle when form not valid
            pass
    else:
        # handle when request is GET (or not POST)
        form = AccountForm(instance=account)

    return render_to_response('history.html',
                              {'account_form': form},
                              context_instance=RequestContext(request))


Answer 9:

Check that Chrome's cookies are set with the default option for websites: Allow local data to be set (recommended).



Answer 10:

Method 1:

from django.shortcuts import render_to_response
from django.template import RequestContext

# inside the view:
return render_to_response(
    'history.html',
    RequestContext(request, {
        'account_form': form,
    })
)

Method 2:

from django.shortcuts import render

# inside the view:
return render(request, 'history.html', {
    'account_form': form,
})

Because the render_to_response method may cause some problems with response cookies.



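Answer 11:

Make sure your Django session backend is configured properly in settings.py. Then try this:

from django.http import HttpRequest
from django.middleware.csrf import get_token

# With the new-style MIDDLEWARE setting (Django 1.10+), inherit from
# django.utils.deprecation.MiddlewareMixin instead of object.
class CustomMiddleware(object):
    def process_request(self, request: HttpRequest):
        # forces a CSRF token (and cookie) to be generated for every request
        get_token(request)

Add this middleware in settings.py under MIDDLEWARE_CLASSES or MIDDLEWARE, depending on the Django version.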

get_token - Returns the CSRF token required for a POST form. The token is an alphanumeric value. A new token is created if one is not already set.



Answer 12:

I came across a similar situation while working with DRF; the solution was appending the .as_view() method to the View in urls.py.



Answer 13:

I have run into this just once; the solution is to empty the cookies. It may be related to SECRET_KEY being changed while debugging.



Answer 14:

Clearing my browser's cache fixed this issue for me. I had been switching between local development environments to do the django-blog-zinnia tutorial after working on another project when it happened. At first, I thought changing the order of INSTALLED_APPS to match the tutorial had caused it, but I set these back and was unable to correct it until clearing the cache.



Answer 15:

In your view, are you using the csrf decorator?

from django.views.decorators.csrf import csrf_protect

@csrf_protect
def view(request, params):
    ....


