因此,代碼很簡單:403登錄後頁面刷新時出現CSRF錯誤()Django?
views.py
@csrf_protect
def index(request):
global userPersonalInformation
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
profile = Profile.objects.get(username=username)
return render(request, 'main/profile.html', {"profile":profile})
else:
if CheckUser(username, password):
user = User.objects.create_user(request.POST['username'], userPersonalInformation['email'], request.POST['password'])
user.save()
profile = Profile.objects.create(username=username,school=userPersonalInformation['school'],img=userPersonalInformation['img'], birthyear=userPersonalInformation['birthyear'],city=userPersonalInformation['city'],solved=progress['denominator'])
profile.save()
login(request, user)
return render(request, 'main/profile.html', {"profile": profile })
else:
context = {"form": Userform(request.POST or None), }
return render(request, 'main/login.html', context)
else:
form = Userform()
context = {"form": form, }
return render(request, 'main/login.html', context)
profile.html
{% block title %}Profile | {{ user.first_name }}
這顯示個人資料|用戶名稱在標題欄上正確。即,用戶已登錄。
Settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
主/ urls.py
from django.conf.urls import url
from . import views
app_name = 'main'
urlpatterns = [
url(r'^$', views.index, name='index'),
]
的login.html
{% extends "main/base.html" %}
{% block title %}Sign in{% endblock %}
{% block body %}
<div class="container">
<form method="post" action="" class="form-signin">
<h2 class="form-signin-heading">Please sign in</h2>
{% csrf_token %}
{{ form.as_p }}
<button class="btn btn-primary" type="submit">Sign in</button>
</form>
</div>
{% endblock %}
form.py
from django import forms
from django.contrib.auth.models import User
class Userform(forms.Form):
class Meta:
model= User
fields = ('username', 'password')
username = forms.CharField()
password = forms.CharField(widget=forms.PasswordInput())
Checkuser
CheckUser()
return True
現在的問題是,當我在點擊鏈接的標誌,我的個人資料頁上顯示的所有信息。但是,當我刷新頁面時,我得到這個錯誤:
Forbidden (403)
CSRF verification failed. Request aborted.
請幫助我。配置文件是數據庫中具有用戶內容的另一個表。用戶和配置文件的主鍵都是用戶名。如果用戶是我正在爬行的另一個網站的有效用戶,則函數CheckUser。如果他是,我們將他的詳細信息保存到我們的數據庫,userPersonalInformation是一個全局字典。
Django的1.10版
但我怎麼會在通過這個'profile'重定向功能? –
您只需將配置文件視圖的「url」或「url_name」傳遞給配置文件功能即可。 – v1k45
檢查更新的答案。 – v1k45