使用 Django-nonrel 在 GAE 上发布文件时出现 CSRF 错误
当我尝试发布文件时遇到问题。
当我在开发服务器上时它工作正常,
但在 GAE 上,我只能发布文本,而不能发布文件。
下面是我正在使用的表单:
<form id="file" method="post" enctype="multipart/form-data" encoding="multipart/form-data" action="{{ upload_url }}">
{% for field in upload_form %}
<div class="field">
{{ field.label_tag }}
<div class="input">
{{ field }} {{ field.help_text }}
</div>
{% if field.errors %}
<ul class="errors">
{% for error in field.errors %}
<li>{{ error|escape }}</li>
{% endfor %}
</ul>
{% endif %}
</div>
{% endfor %}
<input class="submit" type="submit" value="Upload"/>
</form>
我相信我已经包含了适当的中间件,
# Media middleware has to come first
'mediagenerator.middleware.MediaMiddleware',
# This loads the index definitions, so it has to come first
'autoload.middleware.AutoloadMiddleware',
'django.middleware.cache.UpdateCacheMiddleware',# the "update" middleware must be first
'django.contrib.sessions.middleware.SessionMiddleware', # Session middleware needs to come before Auth middleware, because authentication is handled with sessions.
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.csrf.middleware.CsrfViewMiddleware',# It should come before any view middleware that assume that CSRF attacks have been dealt with.
'django.middleware.csrf.CsrfResponseMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.cache.FetchFromCacheMiddleware',# the "fetch" middleware must be last
'google.appengine.ext.appstats.recording.AppStatsDjangoMiddleware',
我看到 django 正在添加一个名为“csrfmiddlewaretoken”的隐藏输入,并在开发服务器和 GAE 上添加一些 csrf 令牌值。
但是,每当我尝试上传文件时,它都会显示 csrf 错误消息。
我怀疑缓存导致了这个问题,因为它是在我包含缓存中间件后不久就开始的。
现在我正在尝试通过重新排序我的中间件来解决这个问题,但到目前为止还没有运气。
以前有人遇到过我的问题吗?
I'm having a problem when I try to post a file.
It works fine when I'm on dev server,
but on GAE, I can only post text only, never a file.
Below is the form I am using:
<form id="file" method="post" enctype="multipart/form-data" encoding="multipart/form-data" action="{{ upload_url }}">
{% for field in upload_form %}
<div class="field">
{{ field.label_tag }}
<div class="input">
{{ field }} {{ field.help_text }}
</div>
{% if field.errors %}
<ul class="errors">
{% for error in field.errors %}
<li>{{ error|escape }}</li>
{% endfor %}
</ul>
{% endif %}
</div>
{% endfor %}
<input class="submit" type="submit" value="Upload"/>
</form>
I believe that I have included appropriate middlewares
# Media middleware has to come first
'mediagenerator.middleware.MediaMiddleware',
# This loads the index definitions, so it has to come first
'autoload.middleware.AutoloadMiddleware',
'django.middleware.cache.UpdateCacheMiddleware',# the "update" middleware must be first
'django.contrib.sessions.middleware.SessionMiddleware', # Session middleware needs to come before Auth middleware, because authentication is handled with sessions.
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.csrf.middleware.CsrfViewMiddleware',# It should come before any view middleware that assume that CSRF attacks have been dealt with.
'django.middleware.csrf.CsrfResponseMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.cache.FetchFromCacheMiddleware',# the "fetch" middleware must be last
'google.appengine.ext.appstats.recording.AppStatsDjangoMiddleware',
I see django is adding a hidden input called "csrfmiddlewaretoken" with some csrf token value on dev server and on GAE as well.
However, whenever I attempt to upload a file it gives me the csrf error message.
I suspect that caching is causing this problem since it started soon after I included caching middlewares.
For now I'm trying to solve this problem by reordering my middlewares but no luck so far.
Did anyone faced my problem before?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在表单中的某处包含标签 {% csrf_token %}。
Include the tag {% csrf_token %} somewhere in your form.