Django CSRF token: the HTML page contains template tags such as {% csrf_token %} {{uf.as_p}}; how to replace them

<html lang="en">
<head>
    <title>Contact us</title>
</head>
<body>
    <h1>Contact us</h1>
    <form action="." method="POST">
        <table> {{ form.as_table }} </table>
        <p><input type="submit" value="Submit"></p>
    </form>
</body>
</html>
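The above is my test template; form is a forms object. When I visit the corresponding URL the intended page displays normally, but clicking the submit button produces the error "CSRF token missing or incorrect." The error page also offers a fix, which is basically: requestContext is replaced with Context(), and then {% csrf_token %} is added to the POST form in the template.
I did what it said; the corresponding template is as follows: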
<html lang="en">
<head>
    <title>Contact us</title>
</head>
<body>
    <h1>Contact us</h1>
    <form action="." method="POST">
        {% csrf_token %}
        <table> {{ form.as_table }} </table>
        <p><input type="submit" value="Submit"></p>
    </form>
</body>
</html>
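But it had no effect. I later found that the corresponding entry also has to be added to "MIDDLEWARE_CLASSES" in settings.py.
The entry to add:
'django.middleware.csrf.CsrfResponseMiddleware',
Then run it, and it is OK.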
In my users page, I have in-place editing with ajax. When I click edit, it works fine. But when I submit the form, it doesn't do anything. When I checked, this is the error:
CSRF verification failed. Request aborted.
So, how do I place {% csrf_token %} in my javascript? Please advise.
Thank you.
function bookmark_edit() {
    var item = $(this).parent();
    var url = item.find(".title").attr("href");
    // load the edit form in place, then hook its submit event
    item.load("/save/?ajax&url=" + escape(url), null, function () {
        $("#save-form").submit(bookmark_save);
    });
}

$(document).ready(function () {
    $("ul.bookmarks .edit").click(bookmark_edit);
});

function bookmark_save() {
    var item = $(this).parent();
    // note: no CSRF token is included in the POST data
    var data = {
        url: item.find("#id_url").val(),
        title: item.find("#id_title").val(),
        tags: item.find("#id_tags").val()
    };
    $.post("/save/?ajax", data, function (result) {
        if (result != "failure") {
            item.before($("li", result).get(0));
            item.remove();
            $("ul.bookmarks .edit").click(bookmark_edit);
        } else {
            alert("Failed to validate bookmark before saving.");
        }
    });
}

save_form.html:
<form id="save-form" method="post" action="/save/">
    {% csrf_token %}
    {{form.as_p}}
    <input type="submit" value="Save" />
</form>

user_page.html:
{% extends "base.html" %}
{% block external %}
<script type="text/javascript" src="{% static "assets/js/bookmark_edit.js" %}"></script>
{% endblock %}
{% block title %} {{username}} {% endblock %}
{% block head %} Bookmarks for {{username}} {% endblock %}
{% block content %}
{% include "bookmark_list.html" %}
{% endblock %}

from django.contrib.auth.decorators import login_required
from django.core.exceptions import ObjectDoesNotExist
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
# BookmarkSaveForm, Link, Bookmark and _bookmark_save come from the project itself

@login_required(login_url='/login/')
def bookmark_save_page(request):
    ajax = 'ajax' in request.GET
    if request.method == 'POST':
        form = BookmarkSaveForm(request.POST)
        if form.is_valid():
            bookmark = _bookmark_save(request, form)
            if ajax:
                variables = RequestContext(request, {
                    'bookmarks': [bookmark],
                    'show_edit': True,
                    'show_tags': True
                })
                return render_to_response('bookmark_list.html', variables)
            else:
                return HttpResponseRedirect('/user/%s/' % request.user.username)
        else:
            if ajax:
                return HttpResponseRedirect('failure')
    elif 'url' in request.GET:
        url = request.GET['url']
        title = ''
        tags = ''
        try:
            link = Link.objects.get(url=url)
            bookmark = Bookmark.objects.get(
                link=link,
                user=request.user
            )
            title = bookmark.title
            tags = ' '.join(
                tag.name for tag in bookmark.tag_set.all()
            )
        except ObjectDoesNotExist:
            pass  # no existing bookmark: show the form with empty title and tags
        form = BookmarkSaveForm({
            'url': url,
            'title': title,
            'tags': tags
        })
    else:
        form = BookmarkSaveForm()
    variables = RequestContext(request, {
        'form': form
    })
    if ajax:
        return render_to_response(
            'bookmark_save_form.html',
            variables
        )
    else:
        return render_to_response('bookmark_save.html', variables)

You are not sending the server generated csrf_token for the POST to verify the validity of the data. Hence the error.
As a part of the data part of the request, you need to send the token
csrfmiddlewaretoken: '{{ csrf_token }}'
Something like this
var data = {
    url: item.find("#id_url").val(),
    title: item.find("#id_title").val(),
    tags: item.find("#id_tags").val(),
    csrfmiddlewaretoken: '{{ csrf_token }}'
};
Or you could simply do:
var data = $('form').serialize()
if you want to send the whole form as a dictionary
This is what I use. Not sure if it's applicable in your situation though.
// sending a csrftoken with every ajax request
function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
$.ajaxSetup({
    crossDomain: false, // obviates need for sameOrigin test
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type)) {
            xhr.setRequestHeader("X-CSRFToken", $.cookie('csrftoken'));
        }
    }
});
