线程评论 - csrf 令牌和用户名
我正在使用 django-threadedcomments。除了两件事外,一切正常:csrf 令牌和用户模板标签。
问题是,当用户提交评论时,表单没有 csrf 令牌,因此无法在服务器端验证表单。尝试将 csrf 令牌添加到线程注释通过内部传递的字典中,但没有结果;不断收到错误(其中大多数错误表明此方法只需要 2 个参数,其中给出了 3 个参数)。尝试修复这些方法以接受 3 个参数并进一步传递第三个参数;没有成功。
过去有人偶然发现过同样的问题并解决了吗?因为这对我来说不是一个可接受的解决方案:
MIDDLEWARE_CLASSES = (
#'django.middleware.csrf.CsrfViewMiddleware',
)
第二个 - 有一个 HTML 帮助器来获取发表评论的用户的 user_id 。是否有一个开箱即用的 html 帮助器可以通过 id 获取用户的名称,或者我必须自己编写它?
http://code.google.com/p/django-threadedcomments/
这里是该项目的代码,我无法确切地告诉它的哪些部分应该发布在这里,所以我只是给出整个项目的链接。
我真的被困在这里,欢迎任何帮助。
提前致谢。
I am using django-threadedcomments. Everything works fine except 2 things: csrf token and user template tag.
Problem is, when user submits a comment, there is no csrf token for the form, so the form could not be validated server-side. Tried adding csrf token to the dictionaries that threaded-comments passes internal with no result; kept receiving errors (most of them telling that this-method takes only 2 arguments with 3 given). Tried to fix those methods to accept 3 arguments and just pass third one further; no success.
Did someone stumble upon the same problem in past and solved it? because this is not an acceptable solution for me:
MIDDLEWARE_CLASSES = (
#'django.middleware.csrf.CsrfViewMiddleware',
)
Second one - there is a HTML helper to get the user_id for the user who posted a comment. Is there an out of the box html helper to get the name of the user by id or would i have to write it myself?
http://code.google.com/p/django-threadedcomments/
Here is the code for the project, I cant really tell exactly which chunks of it should be posted here so I just give link to the entire project.
I am really stuck in here and any help would be welcomed.
Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
csrf_token是一个模板标记——它不应该作为参数传递到某个地方。我查看了
threadedcomments,它基于contrib.comments,没有 html 渲染,因此您可以将csrf_token插入您的模板。显示表单代码的模板代码是什么样的?
如果您启用了
CsrfViewMiddleware并且在视图中使用RequestContext,则只需在中添加{% csrf_token %}>标签。关于获取用户名:
ThreadedComment是Comment的子类,它具有name属性,或者您可以直接访问User。 。csrf_tokenis a template tag -- it shouldn't be passed as an argument somewhere.I took a look at
threadedcommentsand it's based oncontrib.commentswith no html rendering, so it's up to you to insert thecsrf_tokenin your template.What does your TEMPLATE code look like that is displaying your form code?
If you have
CsrfViewMiddlewareenabled and you are usingRequestContextin your view, you simply need to add{% csrf_token %}inside of your<form></form>tags.As for getting the user name:
ThreadedCommentis a subclasses ofCommentwhich has anameproperty, or you could just access theUserdirectly...您应该在视图中使用
{% csrf_token %}标签或@csrf_protectYou should use
{% csrf_token %}tag or@csrf_protectin a views您可以将表单放入其自己的模板中,并将其
{% include %}放入您的页面模板中。从 Django 1.3 开始,{% include %}可以将上下文变量传递给包含的模板。以下是我使用django.contrib.comments而不是 templatetag 的内容:{%csrf_token %}在此包含的模板中工作,因为它使用您的主视图上下文。You can put your form in its own template and
{% include %}it into your page template. As of Django 1.3,{% include %}can pass context variables to the included template. Here's what I'm using withdjango.contrib.commentsinstead of a templatetag:{%csrf_token %}works in this included template because it's using your main view context.