Django CSRF Failure After Upgrade 1.9 > 1.11

后端 未结 1 885
一生所求
一生所求 2021-01-21 11:44

I\'ve just upgraded an app I\'m developing from 1.9 to 1.11 and am getting constant errors on all form posts:

CSRF token missing or incorrect.

相关标签:
1条回答
  • 2021-01-21 12:39

    Django 1.10 introduced salted CSRF tokens that change every time the user logs in:

    Changed in Django 1.10:

    Added salting to the token and started changing it with each request to protect against BREACH attacks.

    You will have to log out and back in again to generate a new salted token before your forms will work.

    Melvyn suggests clearing your session store in a comment. That would work too, and is probably a better option if you have many users.

    You might also have to modify your middleware settings to reflect the new style introduced in Django 1.10. The old MIDDLEWARE_CLASSES setting is deprecated in favour of MIDDLEWARE. Make sure that 'django.middleware.csrf.CsrfViewMiddleware' is included in your MIDDLEWARE. If you have custom middleware (or if you're using libraries that use old-style middleware) it will have to be updated.

    0 讨论(0)
提交回复
热议问题