【问题标题】:Django 403 Forbidden CSRFDjango 403 禁止 CSRF
【发布时间】:2020-03-21 10:38:10
【问题描述】:

最近我在我的 Django 应用程序中看到一个奇怪的错误。当我尝试登录时,Chrome 卡在“正在处理请求”上。再次单击登录按钮后,它给了我 403 Forbidden CSRF verification failed 错误。但是,当我单击“后退”按钮并使用相同的用户凭据再次按登录时,它会成功登录。我不知道为什么会这样。我有两个 Django 应用程序,分别是“home”和“main”,在正确的凭据之后,它应该将用户带到“home”应用程序的视图。

我的主/user_login.html

<form method="POST" action="{%url 'main:user_login' %}" class="form-signin">
                {% csrf_token %}
                <div class="form-label-group">
                  <input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
                  <br/>
                </div>
                <div class="form-label-group">
                 <input type="password"  name="password" id="inputPassword" class="form-control" placeholder="Password" required>   
                </div>
                <div class="custom-control custom-checkbox mb-3">
                  <input type="checkbox" class="custom-control-input" id="customCheck1">
                  <label class="custom-control-label" for="customCheck1">Remember password</label>
                </div>
                <input type="submit" class="form-control" name="" value="Login">
                <hr class="my-4">
                <p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
                {% if message %}<p style="color: red;">{{ message }}</p>{% endif %}
                <a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
              </form>

我的主要/views.py:

def user_login(request):
    if request.method == 'POST':
        form = AuthenticationForm(request, data=request.POST)
        if form.is_valid():
            username = form.cleaned_data.get('username')
            password = form.cleaned_data.get('password')
            user = authenticate(username=username, password=password)
            if user is not None:              
                login(request,user)
                messages.info(request, "Successfully signed in")
                return redirect(reverse('home:home')) 
            else:
                message = 'Sorry, the username or password you entered is not valid please try again.'
                return render(request, 'home/user_login.html', {'message':message})
        else:
            message = 'Sorry, the username or password you entered is not valid please try again.'
            return render(request, 'home/user_login.html', {'message':message})
    else:
        form=AuthenticationForm()
        return render(request, 'home/user_login.html', {"form":form})

我的家/views.py:

@login_required

def home(request):
    context = {
        'posts': Post.objects.all()
    }
    return render(request, 'home/home.html', context)

我不明白是什么导致了问题,正如我之前提到的,在返回并再次单击登录后用户可以成功登录。

提前致谢!

编辑:我已经意识到导致错误的原因是抛出错误消息的 else 语句。我现在改变了我的看法,它没有给我一个错误,但我必须点击登录按钮两次,否则它会再次卡住。我现在的看法是:

def user_login(request):
    if request.method == 'POST':
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(request, username=username, password=password)
        if user is not None:
            return redirect('home:home')

        else:
            messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
            return HttpResponseRedirect('/')
    else:
        form=AuthenticationForm()
        return render(request, 'main/user_login.html', {"form":form})

我的 user_login.html 现在是:

      <form method="POST" action="{% url 'main:user_login' %}" class="form-signin">
        {% csrf_token %}
        <div class="form-label-group">
          <input type="text" name="username" id="inputText" class="form-control" placeholder="Username" required autofocus>
          <br/>
        </div>
        <div class="form-label-group">
         <input type="password"  name="password" id="inputPassword" class="form-control" placeholder="Password" required>   
        </div>
        <div class="custom-control custom-checkbox mb-3">
          <input type="checkbox" class="custom-control-input" id="customCheck1">
          <label class="custom-control-label" for="customCheck1">Remember password</label>
        </div>
        <input type="submit" class="form-control" name="" value="Login">
        <hr class="my-4">
        <p>Don't have account? <a href="{% url 'main:signup' %}" id="signup">Sign up here</a></p>
        {% for message in messages %}
          <p style="color: red;">{{ message }}</p>
        {% endfor %}
        <a href="{% url 'password_reset' %}" id="signup">Forgot Password</a>
      </form>

这是导致问题的原因:

 else:
     messages.error(request,'Sorry, the username or password you entered is not valid please try again.')
     return HttpResponseRedirect('/')

【问题讨论】:

    标签: django django-forms django-views


    【解决方案1】:

    试试这个:

    @login_required
    def home(request):
         post = Post.objects.all()
         context = {'post':post}
         return render(request, 'home/home.html', context)
    

    【讨论】:

    • 我试过同样的问题,它卡在处理请求上,然后我必须再次点击登录,然后同样的事情发生了。 @user-98
    【解决方案2】:

    我认为问题可能出在 else 块中。

    试试这个:

    def user_login(request):
      if request.method == 'POST':
        form = AuthenticationForm(request, data=request.POST)
        if form.is_valid():
            username = form.cleaned_data.get('username')
            password = form.cleaned_data.get('password')
            user = authenticate(username=username, password=password)
            if user is not None:              
                login(request,user)
                messages.info(request, "Successfully signed in")
                return redirect(reverse('home:home')) 
    
        else:
            message = 'Sorry, the username or password you entered is not valid please try again.'
            return render(request, 'home/user_login.html', {'message':message})
    else:
        form=AuthenticationForm()
        return render(request, 'home/user_login.html', {"form":form})
    

    【讨论】:

    • 是的,我试过了,它似乎仍然无法正常工作@user-98
    【解决方案3】:

    Django 的built-in tags 需要空格

    在您的表单中修复此问题:action="{% url 'main:user_login' %}"

    【讨论】:

    • 我已经改变了它不是那个 - 我现在找到了问题的根源它没有给出错误但我需要点击登录按钮两次才能登录@sandes
    猜你喜欢
    • 2018-11-06
    • 2014-11-15
    • 2013-05-25
    • 2021-10-08
    • 1970-01-01
    • 2018-06-06
    • 2018-11-05
    • 2015-10-15
    • 2016-05-08
    相关资源
    最近更新 更多