1
我已经在django表单中启用了csrf标记,并且如果我尝试上传文件,则会获取低于错误的错误。请帮我解决它。django csrf标记错误 - 禁止(CSRF cookie未设置)
故宫(CSRF的cookie未设置。):/上传
我的HTML表单呈现如下图所示。
<form id="uploadfile" action="/upload" class="dropzone needsclick dz-clickable" enctype="multipart/form-data" method="post" style="display: none;">
<input type="hidden" name="csrfmiddlewaretoken" value="I4DEvg2nDPGkaGjrynMVGh5KfGdk3Z3z">
<div class="dz-message needsclick" style="display: block;">
Drop files here or click to upload.<br>
</div>
<input type="hidden" name="cmd" value="mycmd"></form>
我的上传视图代码如下所示。
def upload(request):
# handle form upload
if request.method == 'POST':
cmd = request.POST.get('cmd','')
form = Utils.Form()
upfile = form.uploadFile(request)
....some code.....
return HttpResponse("my response")
在settings.py我已启用cookie和csrf像下面。
........
........
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
SENDFILE_BACKEND = 'sendfile.backends.development'
........
........
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
.......
我认为,HTML是渲染的,并没有你的模板。 – Viroide
我的意思是,你有模板中的这个'{%csrf_token%}'吗? – Viroide
关闭当然我有 – virus