Jul
11
2010

CSRF verification failed. Request aborted.

运行Django Step by Step第二节的例子,出现如下错误,解决方法是:修改settings.py,添加‘django.middleware.csrf.CsrfResponseMiddleware’,最后结构如下:

MIDDLEWARE_CLASSES = (
‘django.middleware.common.CommonMiddleware’,
‘django.contrib.sessions.middleware.SessionMiddleware’,
‘django.contrib.auth.middleware.AuthenticationMiddleware’,
‘django.middleware.csrf.CsrfViewMiddleware’,
‘django.middleware.csrf.CsrfResponseMiddleware’,
)

 

403 Forbidden

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • The view function uses RequestContext for the template, instead of Context.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

本文作者:Feng
本文链接:http://fengg.net/archives/186/

By Feng in: 码上码下 | Tags: ,
欢迎订阅: 订阅到iGoogle或Google Reader 订阅到鲜果 订阅到抓虾 订阅到我的雅虎 订阅到网易有道 订阅到QQ邮箱
收藏分享: Google书签 | QQ书签 | Del.icio.us | Technorati
  • No Related Post

随机日志

«
»
There are no comment,Leave a comment»

RSS feed for comments on this post. TrackBack URL

Leave a Reply

可以使用部分XHTML标签:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Feng’s blog(Sitemap) Powered by WordPress. Host by 理想空间. Admin. (TOP)