django-csrf

问题 I've run into this issue before and solved it, but this just popped up totally randomly (or so it seems). I've just come back to my Django project after a little while away from it...when logging in I forgot my web username and it gave me the appropriate error message Sorry, that's not a valid username or password . So to solve this I created a new superuser (since I had also forgot my admin username) so I could check what my web username was. I did that successfully, but now when I try to

问题 I am learning Django2,and try to make a login page with csrf_token and ajax. I hope that if user hasn't lgoin,that will turn to the login page and send a variable next as a tag of the page before login.If user login successfully that I can turn to the homepage or page marked by next . I read the docs of Django2, and try to code like below,however,when I click "LOGIN" button,it just refresh the login page and get no error I am confused and have no idea already.Please help. login views: def

问题 I have two applications running on the same domain on different ports, both using csrf middleware. When I log-in in one of the applications all POST submits from the other fail. I presume because the SESSION_COOKIE_DOMAIN is the same. I tried changing SESSION_COOKIE_NAME , however, the 'csrftoken' cookie is used in the forms POST request on both sites, no matter that there now is a new cookie with the name I specified. When I post information with AJAX and get the csrf token from the cookie

问题 I have 2 $.ajax() functions in one html rendered by Django. The first one works correctly, the second one answers with a 403 CSRF Failed: CSRF token missing or incorrect. This is the relevant js code: $(document).ready(function(){ window.CSRF_TOKEN = "{{ csrf_token }}"; .... $.ajax({ method: "POST", url: "{% url 'alpha:create_cart_item' %}", data: {'item': stockitem_id, 'quantity': '1', 'csrfmiddlewaretoken': window.CSRF_TOKEN}, success: function(resp){...} .... $.ajax({ method: "PUT", url: "

问题 I'm writing an Android app which sends data in JSON format to a Django REST API running on a local server. It is an https connection to the server and all necessary certificates are integratted into the app. Bevore we've updated to Django 1.6 we were running on Django 1.4 and everything worked fine. Now with Django 1.6 the app is still able to get the CSRF token, to log in and to do a HttpGet request, which returns the expected JSON object. Only the HttpPost requests are rejected with 403

问题 My setup: A static website as landing page served via aws S3 (welcome.mydomain.com). A django app (django-1.8 with python 2.7) accessible via a subdomain (app.mydomain.com). I would like to add a contact form which is part of my static website and which sends the contact form info to my django server to be processed. I do not want to add the contact form as a template to my django app because I am using different style sheets and resources and don't want to mix them between the servers. The

问题 I am trying to make a POST request from an Angular 6 app to a Django backend. Even though I include the csrf token in the headers, Django is logging a 403 Forbidden error as "CSRF token missing or incorrect". My code is as follows (with extraneous headers in my attempts to satisfy Django): Angular Component: import { Injectable } from '@angular/core'; import { HttpClient, HttpHeaders } from '@angular/common/http'; import { SharedService } from '../../shared.service'; import { CookieService }

问题 I'm new to jMeter testing. I want to test the field update on UI. So When I run my test I'm getting the CSRF validation error. How can I resolve this. My test plan looks as, And the sampler result is as follows, Thread Name: Thread Group 1-1 Sample Start: 2014-11-18 23:37:49 IST Load time: 688 Latency: 688 Size in bytes: 483 Headers size in bytes: 457 Body size in bytes: 26 Sample Count: 1 Error Count: 1 Response code: 401 Response message: Unauthorized : CSRF validation failed Response

问题 I am struggling with the CSRF token in a simple POST form in Django. The template generates the following CSRF output instead of outputting the value of the token: <input type='hidden' name='csrfmiddlewaretoken' value='{'csrf_token':django.utils.functional.__proxy__ object at 0x1255690>}' /> I am using {% csrf_token %} in the template, how can I fix this? (I am using Django 1.2) EDIT: the exact form code is: <form name="foo" action="url" method="POST"> {% csrf_token %} <select> {% for key,

问题 In order to see this possible error you need to open two browsers and some plug-in to get/set cookies. If you create a new project in django 1.7 and access to the admin site ( /admin ), and login succesfuly in the first broser and get the sessionid and csrftoken cookies and set them into the second browser login page and set a random user and password, you obtain a CSRF error and if you go back in the browser you are logged in. how can avoid this? 回答1: I suppose, you can obtain same result