django-csrf

Django - 403 Forbidden CSRF verification failed

与世无争的帅哥 submitted on 2021-02-07 03:38:31
Question: I have a contact form in Django for my website and when I was testing it locally it was working fine, but now when I try to submit my contact form "live" it always comes up with 403 Forbidden CSRF verification failed. view:

    def contact(request):
        if request.method == 'POST':
            form = ContactForm(request.POST)
            if form.is_valid():
                cd = form.cleaned_data
                send_mail(
                    cd['subject'],
                    cd['message'],
                    cd.get('email', 'noreply@example.org'),
                    ['example@gmail.com'],
                )
                return HttpResponseRedirect('/thanks/')

Forbidden (CSRF token missing or incorrect.):

孤人 submitted on 2020-08-22 11:54:26
Question: I am making an ajax call like below:

    var data_dict = {'user':{{ user.id }}, 'bookId':that.id, 'csrfmiddlewaretoken': '{{ csrf_token }}'};
    $.ajax({
        type: 'POST',
        url:"/issuebook",
        data:data_dict,
        processData: false,
        contentType: false,
        success:function(response) { }
    });

urls.py is:

    urlpatterns = [
        url(r'^$',views.checkLogin,name='checklogin'),
        url(r'^mylibrary/(?P<pk>\d+)/(?P<user_name>[\w\-]+)$',login_required(views.MyLibrary.as_view()),name='mylibrary'),
        url(r'^centrallibrary/(?P<pk>\d+)/(?P

Django check CSRF token manually

回眸只為那壹抹淺笑 submitted on 2020-08-21 11:19:09
Question: I am implementing an API that works either with an API key, or with a CSRF token. The goal is for it to be usable either by a web app (protected by CSRF) or by a third party application (protected by API key). Basically on each request (all via POST), I check if there is an API key. If there is a valid one, it's good to go. If not, I want to fall back to verifying CSRF. Is there a function I can call to verify the CSRF myself? The view itself is @csrf_exempt because API keys need to work.
Answer 1:

CSRF verification Failed - Referer is insecure while host is secure

早过忘川 submitted on 2020-02-20 08:18:26
Question: I upgraded Django from 1.8 to 1.9. Afterwards, I get this error on my localhost after the Django admin login: Referer checking failed - Referer is insecure while host is secure. Everything works fine in production. Below is a snippet of my settings.py file:

    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True

Answer 1: Those lines in your settings.py file are fine on production because you're using an SSL certificate attached to your

How to send CSRF Cookie from React to Django Rest Framework with Axios

筅森魡賤 submitted on 2020-02-04 01:41:24
Question: I want to make a POST request from a React app using Axios to a Django Rest Framework backend. I have managed to get a CSRF Token from the backend but I can't manage to send it with my request, so I always get a Forbidden (CSRF cookie not set.) error. This is the code of my React app:

    handleClick() {
        const axios = require('axios');
        var csrfCookie = Cookies.get('XSRF-TOKEN');
        console.log(csrfCookie)
        axios.post('http://127.0.0.1:8000/es/api-auth/login/', {
            next: '/',
            username: 'admin@admin.com'

Django's {{ csrf_token }} is outputting the token value only, without the hidden input markup

回眸只為那壹抹淺笑 submitted on 2020-02-01 00:31:25
Question: Why isn't the markup for the hidden input field showing up when I use {{ csrf_token }}? Here's a snippet from my template:

    <form action="." method="post">
    {{ csrf_token }}

I'm expecting something like this to be generated:

    <form action="." method="post">
    <input type="hidden" name="csrfmiddlewaretoken" value="0c90dab91e22382cbaa5ef375f709167">

But instead, this is the HTML that's generated:

    <form action="." method="post">
    0c90dab91e22382cbaa5ef375f709167

I've done this many times and it's