表格未提交CSRF令牌丢失，尽管它在渲染的HTML中

发布于 2025-01-30 12:47:06 字数 2373 浏览 3 评论 0原文

在Django中提交表格时，我会遇到“ CSRF令牌丢失”错误。我正在使用与HTMX结合使用的Django-Crispy形式。

该表格是通过render_crispy_form渲染的：

def SwapFormView(request, partialform):
    ctx = {}
    ctx.update(csrf(request))
    mitglied = model_to_dict(request.user.mitglied)
    if request.method == 'POST':
        # do form things
        return HttpResponse("""POST""")
    else:
        form = ChangeDataForm(
            initial=mitglied,
            partialform=partialform,
        )
        html = render_crispy_form(form, helper=form.helper, context=ctx)
        return HttpResponse(html)

我的助手是这样的：

    def __init__(self, *args, **kwargs):
        super(ChangeDataForm, self).__init__(*args, **kwargs)
        self.helper = FormHelper(self)
        self.helper.form_id = 'change-form'
        self.helper.attrs = {
            'hx-post': reverse('back-to-same-url'),
            'hx-target': '#change-form',
            'hx-swap': 'outerHTML',
        }
        self.helper.add_input(Submit('submit', 'absenden'))

事实是，一旦我将助手更改为“普通”后的启用后，它起作用了 - 但是我需要通过htmx来完成此操作，以便仅通过htmx进行更改。 DOM中的特定部分。对我来说，最奇怪的是，令牌被渲染为表格的最终HTML：

<form hx-post="/profil/nameform/" hx-swap="outerHTML" hx-target="#change-form" id="change-form" method="post" enctype="multipart/form-data" class="">
<input type="hidden" name="csrfmiddlewaretoken" value="token-value">
<label for="id_title" class="">Titel</label>
<input type="text" name="title" value="Hau" maxlength="50" class="textinput textInput form-control" id="id_title">
<label for="id_first_name" class=" requiredField">Vorname<span class="asteriskField">*</span> </label>
<input type="text" name="first_name" value="Test" maxlength="50" class="textinput textInput form-control" required="" id="id_first_name">
<label for="id_last_name" class=" requiredField">Nachname<span class="asteriskField">*</span></label>
<input type="text" name="last_name" value="aBVIpzRJoBKP" maxlength="50" class="textinput textInput form-control" required="" id="id_last_name">
<input type="submit" name="submit" value="absenden" class="btn btn-primary" id="submit-id-submit"> </div> </div> </form>

任何帮助都将受到赞赏...

编辑：在我删除了一些从视图中传递给表单的夸尔格斯之后，问题就解决了。仍然不知道，真正的问题是什么，但是我找到了解决方法。

原文

I'm getting a "CSRF token missing" error, when submitting a form in Django.
I'm using django-crispy-forms in combination with htmx.

The form is rendered via render_crispy_form:

def SwapFormView(request, partialform):
    ctx = {}
    ctx.update(csrf(request))
    mitglied = model_to_dict(request.user.mitglied)
    if request.method == 'POST':
        # do form things
        return HttpResponse("""POST""")
    else:
        form = ChangeDataForm(
            initial=mitglied,
            partialform=partialform,
        )
        html = render_crispy_form(form, helper=form.helper, context=ctx)
        return HttpResponse(html)

My helper is contructed like this:

    def __init__(self, *args, **kwargs):
        super(ChangeDataForm, self).__init__(*args, **kwargs)
        self.helper = FormHelper(self)
        self.helper.form_id = 'change-form'
        self.helper.attrs = {
            'hx-post': reverse('back-to-same-url'),
            'hx-target': '#change-form',
            'hx-swap': 'outerHTML',
        }
        self.helper.add_input(Submit('submit', 'absenden'))

The thing is, that as soon as I change the helper to a 'normal' POST-Request it works - but I need this to be done via HTMX to only change out the specific parts in the DOM.
Weirdest thing for me is, that the token is rendered into the final html of the form:

<form hx-post="/profil/nameform/" hx-swap="outerHTML" hx-target="#change-form" id="change-form" method="post" enctype="multipart/form-data" class="">
<input type="hidden" name="csrfmiddlewaretoken" value="token-value">
<label for="id_title" class="">Titel</label>
<input type="text" name="title" value="Hau" maxlength="50" class="textinput textInput form-control" id="id_title">
<label for="id_first_name" class=" requiredField">Vorname<span class="asteriskField">*</span> </label>
<input type="text" name="first_name" value="Test" maxlength="50" class="textinput textInput form-control" required="" id="id_first_name">
<label for="id_last_name" class=" requiredField">Nachname<span class="asteriskField">*</span></label>
<input type="text" name="last_name" value="aBVIpzRJoBKP" maxlength="50" class="textinput textInput form-control" required="" id="id_last_name">
<input type="submit" name="submit" value="absenden" class="btn btn-primary" id="submit-id-submit"> </div> </div> </form>

Any help is appreciated...

EDIT:
The problem solved itself after I removed some kwargs I passed from the view to the form. Still don't know, what the real problem was, but I found a workaround.

分享到QQ

分享到微博