
Djangobook ch 7 CSRF

Stack Overflow user
Asked 2013-05-10 04:02:12
Answers: 1, views: 129, followers: 0, votes: 0

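I'm reading the Djangobook and I'm on chapter 7, which actually has a line that says "#todo -- explain CSRF token".

When I follow the examples (and I'm pretty sure I did follow them), I can't get the code to work.

Here is my template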

    <html>
    <head>
        <title>Contact us</title>
    </head>
    <body>
        <h1>Contact us</h1>

        {% if errors %}
            <ul>
                {% for error in errors %}
                <li>{{ error }}</li>
                {% endfor %}
            </ul>
        {% endif %}

        <form action="/contact/" method="post">
            {% csrf_token %}
            <p>Subject: <input type="text" name="subject"></p>
            <p>Your e-mail (optional): <input type="text" name="email"></p>
            <p>Message: <textarea name="message" rows="10" cols="50"></textarea></p>
            <input type="submit" value="Submit">
        </form>
    </body>
    </html>

Here is my view

    from django.core.mail import send_mail
    from django.http import HttpResponseRedirect
    from django.shortcuts import render
    from django.template import RequestContext

    def contact(request):
        errors = []
        if request.method == 'POST':
            if not request.POST.get('subject', ''):
                errors.append('Enter a subject.')
            if not request.POST.get('message', ''):
                errors.append('Enter a message.')
            if request.POST.get('email') and '@' not in request.POST['email']:
                errors.append('Enter a valid e-mail address.')
            if not errors:
                send_mail(
                    request.POST['subject'],
                    request.POST['message'],
                    request.POST.get('email', 'noreply@example.com'),
                    ['siteowner@example.com'],
                )
                return HttpResponseRedirect('/contact/thanks/')
        return render(request, 'contact_form.html',
            {'errors': errors}, context_instance=RequestContext(request))

This is the error I'm getting

Forbidden (403)
CSRF verification failed. Request aborted.

Help

Reason given for failure:
    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
 - Your browser is accepting cookies.
 - The view function uses RequestContext for the template, instead of Context.
 - In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
 - If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

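EDIT

I found that when I view the source of my form, the csrf_token is not inserted even though it is in my template. I found the common solutions. It was suggested that I do this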

        return render_to_response('contact_form.html',
            {'errors': errors}, context_instance=RequestContext(request))

But that didn't work for me either.


1 Answer

Stack Overflow user

Accepted answer

Posted 2013-05-10 04:26:57

I just checked my settings.py, and I see two middleware entries added, not just CsrfViewMiddleware -

    MIDDLEWARE_CLASSES = (
        # ...
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.middleware.csrf.CsrfResponseMiddleware',
    )

Try adding more.

Votes: 1
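
The asker's diagnostic step, viewing the rendered form source to see whether the token was actually inserted, can be automated. The following is an added example, not code from the original post or from Django; it assumes Django's default hidden field name `csrfmiddlewaretoken`, and the sample HTML, the placeholder token value and the names `PostFormAudit` and `forms_missing_csrf` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample pages (not from the original post). The first mimics what
# the asker saw in "view source": the tag rendered to nothing. The second is a
# correctly rendered form; the token value is a made-up placeholder.
RENDERED_WITHOUT_TOKEN = """
<form action="/contact/" method="post">
  <p>Subject: <input type="text" name="subject"></p>
  <input type="submit" value="Submit">
</form>
"""
RENDERED_WITH_TOKEN = """
<form action="/contact/" method="post">
  <input type="hidden" name="csrfmiddlewaretoken" value="PLACEHOLDER-TOKEN">
  <p>Subject: <input type="text" name="subject"></p>
  <input type="submit" value="Submit">
</form>
<form action="/search/" method="get"><input name="q"></form>
"""


class PostFormAudit(HTMLParser):
    """Collect the action of every POST form lacking a non-empty CSRF field."""

    def __init__(self):
        super().__init__()
        self.missing = []      # actions of POST forms without a token
        self._current = None   # [action, has_token] while inside a POST form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("method") or "get").lower() == "post":
            self._current = [a.get("action") or "", False]
        elif tag == "input" and self._current is not None:
            # Assumption: Django's default hidden field name.
            if a.get("name") == "csrfmiddlewaretoken" and a.get("value"):
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            action, has_token = self._current
            if not has_token:
                self.missing.append(action)
            self._current = None


def forms_missing_csrf(html):
    """Return the actions of POST forms in `html` that carry no CSRF token."""
    parser = PostFormAudit()
    parser.feed(html)
    parser.close()
    return parser.missing
```

Feeding it the HTML a view actually returns shows whether `{% csrf_token %}` rendered to a hidden field or to nothing, which is the distinction the 403 help text is pointing at.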
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/16474994
