嘿,我正在按照本教程学习使用 Django 制作 wiki 页面。然而,它是用 django 0.96 制作的,而我使用 Django 1.3,所以有些东西是不同的。有些我已经自己修复了,但是这个我似乎无法让它发挥作用。
我制作了一个将数据提交到视图的表单。
这是形式:
<form method="post" action"/wikicamp/{{page_name}}/save/">{% csrf_token %}
<textarea name="content" rows="20" cols="60">{{content}}</textarea><br>
<input type="submit" value="Save Page"/>
</form>
并且 /wikicamp/{{page_name}}/save/ url 重定向到 save_page 视图:
from django.http import HttpResponseRedirect
from django.core.context_processors import csrf
def save_page(request, page_name):
c = {}
c.update(csrf(request))
content = c.POST["content"]
try:
page = Page.objects.get(pk=page_name)
page.content = content
except Page.DoesNotExist:
page = Page(name=page_name, content=content)
page.save()
return HttpResponseRedirect("wikicamp/" + page_name + "/")
但是问题是我收到此错误:
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
所以我阅读了一些文档,例如 http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it。但我尝试这样做,但仍然出现相同的错误。
那么:有人知道如何使用 Django 1.3 很好地处理表单发布数据吗?
我认为这与以下内容有关:视图函数使用 RequestContext 作为模板,而不是 Context。但我现在不知道它是什么。
顺便说一句,在我的终端中显示本地主机的 http 请求,它说:模板中使用了 {% csrf_token %},但上下文未提供该值。这通常是由于没有使用 RequestContext 造成的。
Hey, I am following this tutorial to learn to make a wiki page with Django. However, it is made in django 0.96 and I use Django 1.3 so there are some things that are different. Some I already fixed myself, however this one I can't seem to make it work.
I made a form that submits data to a view.
This is the form:
<form method="post" action"/wikicamp/{{page_name}}/save/">{% csrf_token %}
<textarea name="content" rows="20" cols="60">{{content}}</textarea><br>
<input type="submit" value="Save Page"/>
</form>
and the /wikicamp/{{page_name}}/save/ url redirects to the save_page view:
from django.http import HttpResponseRedirect
from django.core.context_processors import csrf
def save_page(request, page_name):
c = {}
c.update(csrf(request))
content = c.POST["content"]
try:
page = Page.objects.get(pk=page_name)
page.content = content
except Page.DoesNotExist:
page = Page(name=page_name, content=content)
page.save()
return HttpResponseRedirect("wikicamp/" + page_name + "/")
However the problem is that I get this error:
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
So I read through some of the documentation, like http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it. I tried to do that however and it still gave the same error.
So: Anyone an idea how to handle form post data well with Django 1.3?
I think it has something to do with: The view function uses RequestContext for the template, instead of Context. but i don't now what it is.
btw, in my terminal which shows the http request of the localhost it says this: A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.
发布评论
评论(4)
您将需要在标签之间添加 {% csrf_token %} 模板标签,并包含
在应用程序 settings.py 中的 MIDDLEWARE_CLASSES 中
添加一些示例发布数据处理:
这是我在其中使用 POST 数据的一次示例一个视图。我通常会依靠表单类通过 clean_data 数组进行验证。
You will need the {% csrf_token %} template tag in between your tags as well as including
in your MIDDLEWARE_CLASSES in the applications settings.py
Adding some example post data handling:
This is an example of one of the times I am using POST data in a view. I will generally rely on the form class to do verification via the cleaned_data array.
您必须在表单模板中的
如果
csrf_token未呈现到您的表单中,请确保您在视图的响应中提供RequestContext:或者,使用此快捷方法:
RequestContext 始终可用。You've got to include
{% csrf_token %}in your form's template between your<form>tags.If the
csrf_tokenis not rendered into your form make sure you're providing theRequestContextin the view's response:Or, use this shortcut method:
The
RequestContextis always available when you're using generic views.我猜您错过了表单声明中的符号“=”。
幸运的是,这可能不是一个错误。
因此,如果这不是解决方案,请尝试一些更简单的示例:
希望这会起作用
I guess you've missed the symbol '=' in the form declaration.
Fortunately, it might be not a mistake.
So if it is not a solution, try some more easy example:
Hope this will work
上面在第三行中使用“request.POST”而不是“c.POST”
并在“edit_page”中进行更改
re above use "request.POST" not "c.POST" in the 3rd line
and change in "edit_page"