Creating a simple Facebook app with flatpages, but signed_request causes a CSRF problem
I am trying to create a simple, html-only facebook app for a client's fb page. I would like to use django's flatpages so that the client and his staff can change the content of the app through the django admin of their site. The problem is that Django returns a 403 "CSRF verification failed. Request aborted." error when facebook attempts to send its own POST info and access the url of the app.
I already know about the @csrf_exempt decorator, but I am not sure how I would apply it to the flatpage view, as it is within the django.contrib code. Furthermore I would only want to disable csrf protection when the view is asked to call a specific facebook.html template (not the default.html template). If there happened to be a {% csrf_exempt %} template tag for example, that would be perfect.
Can anyone think of a way to resolve this problem? Or maybe I should give up on the idea of using the django-flatpages to serve the facebook app?
Comments (2)
Try using this decorator on your views that are called facebook:
this will disable csrf protection on that view.
Does this help?
I ran into the exact same problem as you. I wanted to disable csrf for flatpages (but not for the rest of the site) and ended up with the following middleware:
Add it to your settings and it should disable the csrf check whenever there's a flatpage.
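Neither answer's code survived on this page, so the following is an added example written for this thread, not the middleware the second answerer posted and not Django's own code. It covers both suggestions: instead of decorating a view with csrf_exempt (which is awkward for contrib flatpages, and Django's flatpages render_flatpage function carries its own csrf_protect wrapper, so an exemption on an outer view alone does not reach it), a small middleware marks a POST as exempt only when the path resolves to a flatpage saved with the Facebook template, by setting the request attribute `_dont_enforce_csrf_checks` that CsrfViewMiddleware (and therefore csrf_protect) honours. That attribute is an internal one, used by Django's own test client; `FACEBOOK_TEMPLATE`, `FlatpageCsrfExemptMiddleware`, `flatpage_uses_template` and the constructed flatpage table are this example's assumptions, not names from the page.

```python
import types

# Assumption: the Facebook-facing flatpages are saved in the admin with this
# template name; every other flatpage keeps flatpages/default.html.
FACEBOOK_TEMPLATE = "flatpages/facebook.html"


def _candidate_urls(path_info):
    """Normalise a request path to the forms a FlatPage.url may be stored in
    (leading slash, with or without the trailing slash the fallback
    middleware would append under APPEND_SLASH)."""
    path = path_info if path_info.startswith("/") else "/" + path_info
    return [path] if path.endswith("/") else [path, path + "/"]


def flatpage_uses_template(path_info, template_name):
    """Real lookup: is there a flatpage for this path on the current site that
    uses template_name?  Django is imported lazily so the module stays
    importable (and testable below) without a configured Django project."""
    from django.conf import settings
    from django.contrib.flatpages.models import FlatPage

    return FlatPage.objects.filter(
        url__in=_candidate_urls(path_info),
        sites__id=settings.SITE_ID,
        template_name=template_name,
    ).exists()


class FlatpageCsrfExemptMiddleware:
    """Flag POSTs aimed at Facebook-template flatpages as exempt from the CSRF
    check.  Add the dotted path of this class to MIDDLEWARE; its position
    relative to CsrfViewMiddleware does not matter, because the flag is read
    in CsrfViewMiddleware.process_view (and in csrf_protect), both of which
    run after every middleware's __call__ pre-processing."""

    def __init__(self, get_response, lookup=flatpage_uses_template):
        self.get_response = get_response
        self.lookup = lookup  # injectable so the decision can be tested offline

    def __call__(self, request):
        # Safe methods are never CSRF-checked, so only POST needs the flag.
        if request.method == "POST" and self.lookup(request.path_info, FACEBOOK_TEMPLATE):
            # Internal but long-standing Django attribute, honoured by
            # CsrfViewMiddleware.process_view after the safe-method check.
            request._dont_enforce_csrf_checks = True
        return self.get_response(request)


# Constructed stand-in for the FlatPage table (url -> template_name), used so
# the example runs without a database.
CONSTRUCTED_FLATPAGES = {
    "/facebook/": "flatpages/facebook.html",
    "/about/": "flatpages/default.html",
}


def constructed_lookup(path_info, template_name):
    """Offline replacement for flatpage_uses_template backed by the dict above."""
    return any(
        CONSTRUCTED_FLATPAGES.get(url) == template_name
        for url in _candidate_urls(path_info)
    )


def csrf_exempted(method, path_info, lookup=constructed_lookup):
    """Push a minimal stand-in request through the middleware and report whether
    it was flagged exempt (True) or left for CsrfViewMiddleware to check (False)."""
    request = types.SimpleNamespace(method=method, path_info=path_info)
    FlatpageCsrfExemptMiddleware(lambda req: None, lookup=lookup)(request)
    return getattr(request, "_dont_enforce_csrf_checks", False)


if __name__ == "__main__":
    for method, path in [
        ("POST", "/facebook/"),   # Facebook tab: exempt
        ("POST", "/facebook"),    # same page, slash appended by the fallback: exempt
        ("POST", "/about/"),      # default-template flatpage: still checked
        ("GET", "/facebook/"),    # safe method: never needs the flag
        ("POST", "/missing/"),    # no flatpage at all: still checked
    ]:
        print(f"{method} {path}: exempt={csrf_exempted(method, path)}")
```

Keying the exemption on the template rather than on a hard-coded path means any further tab the client's staff create in the admin with the Facebook template gets the same treatment, while every other flatpage and the rest of the site keep full CSRF protection. Dropping the check is acceptable here only because the flatpage view renders stored content and does nothing with the POST body; if the app later starts reading Facebook's signed_request, validate its signature against the app secret in that code rather than widening this exemption.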