1. 首页
  2. 问答
  3. 是否添加@csrf_exempt错误?

是否添加@csrf_exempt错误?

2017-08-02 59 views
0

我想连我的雨燕应用& Python的Django的服务器在发送图像(我想从斯威夫特应用程序将图像发送到服务器)当我试图做到这一点,我在Xcode中得到了一个错误是否添加@csrf_exempt错误?

<div id="info"> 
    <h2>Help</h2> 

    <p>Reason given for failure:</p> 
    <pre> 
    CSRF cookie not set. 
    </pre> 


    <p>In general, this can occur when there is a genuine Cross Site Request Forgery, or when 
    <a 
    href="https://docs.djangoproject.com/en/1.10/ref/csrf/">Django's 
    CSRF mechanism</a> has not been used correctly. For POST forms, you need to 
    ensure:</p> 

    <ul> 
    <li>Your browser is accepting cookies.</li> 

    <li>The view function passes a <code>request</code> to the template's <a 
    href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render"><code>render</code></a> 
    method.</li> 

    <li>In the template, there is a <code>{% csrf_token 
    %}</code> template tag inside each POST form that 
    targets an internal URL.</li> 

    <li>If you are not using <code>CsrfViewMiddleware</code>, then you must use 
    <code>csrf_protect</code> on any views that use the <code>csrf_token</code> 
    template tag, as well as those that accept the POST data.</li> 

    <li>The form has a valid CSRF token. After logging in in another browser 
    tab or hitting the back button after a login, you may need to reload the 
    page with the form, because the token is rotated after a login.</li> 
    </ul> 

    <p>You're seeing the help section of this page because you have <code>DEBUG = 
    True</code> in your Django settings file. Change that to <code>False</code>, 
    and only the initial error message will be displayed. </p> 

    <p>You can customize this page using the CSRF_FAILURE_VIEW setting.</p> 
</div> 

</body> 
</html>

所以,我觉得需要添加csrf装饰器到Django服务器。我将它添加到我的代码中,如

from django.contrib.auth.forms import AuthenticationForm 
from django.contrib.auth.decorators import login_required 
from django.http import HttpResponse 
from django.shortcuts import render, redirect 
from django.views.decorators.http import require_POST 
from .forms import RegisterForm 
from django.contrib.auth import authenticate, login 
from .models import Post 
from .forms import UserImageForm 
from .models import ImageAndUser 
from django.views.decorators.csrf import csrf_exempt 
@csrf_exempt 
def upload_save(request): 

    photo_id = request.POST.get("p_id", "") 

    if (photo_id): 
     photo_obj = Post.objects.get(id=photo_id) 
    else: 
     photo_obj = Post() 

    files = request.FILES.getlist("files[]") 


    photo_obj.image = files[0] 
    # photo_obj.image2 = files[1] 
    # photo_obj.image3 = files[2] 

    photo_obj.save() 
    # return render(request, "registration/accounts/photo.html") 

    photos = Post.objects.all() 
    context = { 
     'photos': photos, 
    } 
    return render(request, 'registration/accounts/photo.html', context)

但是当我在Swift应用中做了同样的事情时,发生了完全相同的错误。 我认为添加@csrf_exempt的位置是错误的,但我不知道如何解决这个问题。也许@csrf_exempt的位置可以,另一点是错误的,我不知道。 我的发送网址是用Swift写的,是http://localhost:8000/admin/accounts/post/42/change/。 在Django的一侧,MYAPP的urls.py是

from django.conf import settings 
from django.conf.urls import include, url 
from django.conf.urls.static import static 
from django.contrib import admin 
from django.contrib.staticfiles.urls import staticfiles_urlpatterns 

urlpatterns = [ 
    url(r'^admin/', admin.site.urls), 
    url(r'^accounts/', include('accounts.urls')), 
    url(r'^api/', include('UserToken.urls')), 
    url(r'^accounts/', include('accounts.urls', namespace='accounts')), 
    url(r'^ResultJSON/', include('ResultJSON.urls')), 
    url(r'^api/1.0/', include('accounts.api_urls', namespace='api')), 
    url(r'^api/1.0/login/', include('accounts.apitoken_urls', namespace='apilogin')), 

] +static(settings.MEDIA_URL,document_root=settings.MEDIA_ROOT)

账户的urls.py是

from django.conf.urls import url 
from . import views 
from django.contrib.auth.views import login, logout 
from django.views.generic import TemplateView 

urlpatterns = [ 
    url(r'^login/$', login, 
     {'template_name': 'registration/accounts/login.html'}, 
     name='login'), 
    url(r'^logout/$', logout, name='logout'), 
    url(r'^regist/$', views.regist,name='regist'), 
    url(r'^regist_save/$', views.regist_save, name='regist_save'), 
    url(r'^profile/$', views.profile, name='profile'), 
    url(r'^photo/$', views.photo, name='photo'), 
    url(r'^upload/(?P<p_id>\d+)/$', views.upload, name='upload'), 
    url(r'^upload_save/$', views.upload_save, name='upload_save'), 
    url(r'^kenshinresults$', TemplateView.as_view(template_name='registration/accounts/kenshin_result.html'), 
     name='kenshinresults'), 
    url(r'^tcresults$', views.tc,name='tcresults'), 
]

请告诉我,什么是错的。

来源

2017-08-02 mikimiki

+0

为什么你想要免税? –

+0

我认为@csrf_exempt可以做我理想的事情(删除Swift的错误)但是,你认为它错了吗? – mikimiki

+0

'csrf_token'很重要。我并不真正懂得迅速,但是为了摆脱异常而免除它是一个坏主意。看看用javascript设置标记也许。 –

回答

0

/admin/accounts/post/42/change/是Django管理员中的URL。您的upload_save视图使用csrf_exempt修饰符在您的URL配置中连接到/accounts/upload_save/

来源

2017-08-02 08:53:27 Alasdair

相关问题

 相关问题