python

在django中利用comments功能，发生错误，错误信息如下：

Forbidden  (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

• Your browser is accepting cookies.
• The view function uses RequestContext for the template, instead of Context.
• In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

解决方法：

1.其实也没有什么解决方法，其实在错误信息里边已经说了，“ The view function uses   RequestContext   for the template, instead of  Context”

通常情况下，我们在view里边通常是这么做：

点击(此处)折叠或打开

1. def archive(request,text_id):
   
2.     all_posts = TextBody.objects.all()
   
3.     posts = all_posts.filter(id=text_id)
   
4.     t= loader.get_template('content.html') 
   
5.     c = Context({'posts':posts})     
6.     return HttpResponse( t.render(c) )

务必将 Context修改为RequestContext,修改后为 c = RequestContext(request,{'posts':posts})

务必在文件头引入： from django.template import loader,Context,RequestContext

2.在Html模板中加入csrf标签： 

点击(此处)折叠或打开

1. <table>
   
2.   <form action="{% comment_form_target %}" method="post">
   
3.     {% csrf_token %}    
   
4.     {{ form }}
   
5.     <tr>
   
6.       <td colspan="2">
   
7.         <input type="submit" name="submit" value="Post">
   
8.         <input type="submit" name="preview" value="Preview">
   
9.       </td>
   
10.     </tr>
    
11.   </form>
    
12. </table>

原文：http://blog.chinaunix.net/uid-21222282-id-3244532.html