我是 Django 新手,遇到了一个奇怪的问题。如果我创建 django 模板并在其中插入 {% csrf_token %} ,它效果很好,但是如果我将 @csrf_protect 装饰器查看,它会给我 Forbidden 403 (CSRF 验证失败。请求中止)。据我从 django 文档中了解到,我不能同时使用 CsrfViewMiddleware 和 @csrf_protect。
所以问题来了:
是否可以在视图内进行 csrf 验证,或者在这种情况下我应该始终编写模板吗?
@csrf_protect
def create_group(request):
if request.method == "POST":
Group.objects.create(**{key: request.POST[key] for key in request.POST})
return HttpResponseRedirect(reverse("groups:groups"))
elif request.method == "GET":
pass
return HttpResponse(create_group_form)
create_group_form = """
<form method="POST">
<label for="course">Course:</label><br>
<input type="text" id="course" name="course"><br><br>
<label for="length_in_months">Length in months:</label><br>
<input type="number" id="length_in_months" name="length_in_months" min=1 max=12 required><br><br>
<label for="price">Price:</label><br>
<input type="number" id="price" name="price" min=1000 max=50000 required><br><br>
<label for="number_of_students">Number of students:</label><br>
<input type="number" id="number_of_students" name="number_of_students" min=3 max=30 required><br><br>
<label for="lesson_duration">Lesson duration:</label><br>
<input type="number" id="lesson_duration" name="lesson_duration" min=1 max=5 required><br><br>
<label for="website">Website:</label><br>
<input type="url" id="website" name="website"><br><br>
<input type="submit" value="Submit">
</form> """
最好用
CsrfViewMiddlewareCSRF tokensPOSTCSRF token