CSRF token missing or incorrect even though I have {% csrf

2018-06-20 02:13:24

I have been getting this error referring to this method in my views.py file:

def AddNewUser(request):
    a=AMI()
    if(request.method == "POST"):
        print(request.POST)
       # print(request['newUser'])
       # print(request['password'])
    return render_to_response("ac/AddNewUser.html", {})

But my other functions work just fine. It's just this button in my HTML file that doesn't work.

<form name="AddNewUser" action="/ac/AddNewUser" method="post"> {% csrf_token %} <input type="submit" name="addNewUser" id="addNewUser" value="Create User"></form>

As you can see I've got the {% csrf_token %} but it's still not working. I also know some people are having this problem if they don't have MIDDLEWARE_CLASSES in their settings.py but I have that inserted correctly. What could be causing this problem? The only other line in the error says: "The view function uses RequestContext for the template, instead of Context." But I don't know what that could mean.

You have to use a RequestContext object to get the context, then pass the results in to your render_to_response() function. RequestContext adds in a required CSRF token.

from django.template import RequestContext
from django.shortcuts import render_to_response

csrfContext = RequestContext(request)
return render_to_response(some_template, csrfContext)

As a side note, you can also use RequestContext to add contexts/dictionaries intended for the template. For instance, I frequently use:

initialData = {'form': theForm, 'user_status': 'online'}
csrfContext = RequestContext(request, initialData)
return render_to_response(show_template, csrfContext)

As a (brief) explanation of what RequestContext does: most middleware creates something called a context processor, which is simply a function that supplies a context (dictionary) of variables. RequestContext looks for all the available context processors, gets their contexts, and appends them all to a single (giant) context.

NOTE: The RequestContext has to be used in both the view that serves the form as well as the view that receives the post. If you follow directions above and still doesn't work, this might be the problem! It was for me.

链接地址: http://www.djcxy.com/p/56518.html

上一篇: Django：POST表单需要CSRF？ GET不？

下一篇: CSRF令牌丢失或不正确，即使我有{％csrf