Django: CSRF token missing or incorrect. / avoid {% csrf

I'm following the Django guide on Show me do. But I have a question:

If I just copy his code I get a

Forbidden (403) CSRF verification failed. Request aborted.

I've solved that problem by adding context_instance=RequestContext(request) to all "my" return render_to_response and by adding {% csrf_token %} to the form I'm calling.

Here comes the question: Can I in any way set this up to be invoked "behind the scenes", or do I have to add this to all my forms?

Jens


Yes, you can use render(request, template, context) rather than render_to_response. The render shortcut uses a RequestContext automatically.


CSRF is an important security concept AFAIK.

You either have to add csrf_token [which would set a hidden POST parameter] to all forms which use POST, PUT or DELETE requests, or you can use the X-CSRFToken header as well. You can use the render shortcut rather than render_to_response to include RequestContext by default. See:

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

There is a way to completely avoid CSRF checks by removing the middleware or using a decorator. But I would recommend against this.
