问题
I have a flow in my django application in which I redirect the user to another service (e.g. PayPal) which after some its own processing, returns the user back on my own server. The returning point on my server is a simple HTML success page which I render using direct_to_template.
For some odd reasons, the other server sends a POST request and hence the user sees a CSRF token missing error as the other server doesn't send back any CSRF token.
How do I exempt a direct_to_template view from CSRF tokens?
回答1:
You can use the csrf_exempt decorator to disable CSRF protection for a particular view.
Say your url pattern is:
('^my_page/$', direct_to_template, {'template': 'my_page.html'})
Add the following import to your urls.py:
from django.views.decorators.csrf import csrf_exempt
Then change the url pattern to:
('^my_page/$', csrf_exempt(direct_to_template), {'template': 'my_page.html'})
回答2:
You can Use @csrf_exempt decorator to excempt csrf token for this you have to import
from django.views.decorators.csrf import csrf_exempt
then write @csrf_exempt before your view
this will work properly :)
来源:https://stackoverflow.com/questions/11610306/how-to-exempt-csrf-protection-on-direct-to-template