a series of form posts with django results in 403 error

2018-06-20 02:28:56

if the user clicks submits a form on the landing page it takes them to a another page (second page) but if the user then tries to login on the second page via another form post the user receives a 403 forbidden error.

landing page form works. login form works fine. but submitting landing page form then login form results in 403 CSRF verification failed.

The form on the first page returns:

render(request, 'page.html', context_var)

The form void of css looks like:

<form action="{% url 'url_test' %}" method="POST">
<input type="hidden" name="some_name" value="for_view_use">
{% csrf_token %}
<button type="submit" name="other_name" value="value">button</button>
</form>

The second form or the view which allows the user to login returns:

HttpResponse('success')

and the login form void of css is:

<form action="{% url 'login' %}" method="post">
{% csrf_token %}
<input type="text" name="username">
<input type="password" name="password">
<button type="submit">Sign In</button>
</form>

I am sure both these views return these values as I have tested them separately.

I have tried using @csrf_protect but that hasn't worked. I've checked and the token is present on the second page when loaded. I know it's something to do with the csrf token but I can't figure it out.

to me it looks as if the first form isn't returning an acceptable csrf token for the next page.

EDIT: I did not solve the problem itself but I noticed the first request was just pulling data from the server so I changed it to a GET request and the bug stopped happening. This is not an answer in my opinion so I will leave this thread open in case someone else is having trouble with consecutive form POST requests with django.

链接地址: http://www.djcxy.com/p/56548.html

上一篇: Django csrf令牌如何工作？

下一篇: 一系列带有Django的表单帖子会导致403错误