Question

我现在有一些问题，我没有设置CSRF Cookie。请查看以下代码

views.py

    from django.shortcuts import render_to_response
from django.contrib.auth import authenticate, login
from django.conf.urls import patterns, url, include
from django.template.context_processors import csrf
def login_user(request):
    state = "Please log in below..."
    username = password = ''
    dic = {}
    if request.POST:
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                state = "You're successfully logged in!"
            else:
                state = "Your account is not active, please contact the site admin."
        else:
            state = "Your username and/or password were incorrect."
        dic['state'] = state
        dic['username'] = username
        dic.update(csrf(request))

    return render_to_response('authen/auth.html',dic )

模板（authen.html）

 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Log in</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<style>
body{
    font-family:Arial,Helvetica,sans-serif;
    font-size: 12px;
}
</style>
</head>
<body>
    {{ state }}
    <form action="/login/" method="post">{% csrf_token %}
        {% if next %}
        <input type="hidden" name="next" value="{{ next }}" />
        {% endif %}
        username: 
        <input type="text" name="username" value="{{ username}}" /><br />
        password:
        <input type="password" name="password" value="" /><br />

        <input type="submit" value="Log In" />
    </form>
</body>

urls.py

from django.conf.urls import include, url
    from . import views

     urlpatterns = [
       url(r'^$', views.login_user),
      ]

setting.py

  INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
 'authen')
MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
)
ROOT_URLCONF = 'Auth.urls'
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
                'django.template.context_processors.csrf'
            ],
        },
    },
]

WSGI_APPLICATION = 'Auth.wsgi.application'

我卡住了，我已经清除了cookie，使用了其他浏览器，但仍未设置csrf cookie。

Answer 1

您正在手动将CSRF令牌添加到上下文中，但您只是在 POST之后执行此操作。 CSRF令牌的重点是它由GET设置，并在POST上检查。由于您没有在GET上设置它，POST将失败。

但是不应该手动设置它。只要你使用RequestContext，Django就会为你做这件事。这样做的方法是使用render快捷方式，将请求传递给它，而不是旧的render_to_response。

移除对csrf(request)的来电，并将上一行替换为：

return render(request, 'authen/auth.html', dic)

Answer 2

在你的view.py中添加RequestContext（request）到render_to_response：

QPointer

csrf cookie没有设置django

2 个答案: