django-csrf

How Will the Inclusion of Two Forms Affect my CSRF Token Use?

两盒软妹~` submitted on 2019-12-10 13:55:42
Question: I am attempting to create a page that includes two forms: one that is visible when the page loads (a signin form), and a second that appears in a modal if the user clicks a button (a signup form). I am using Django, and, although I am still figuring out how I will handle these forms, my largest concern is how the CSRF token will play into all of this. For example, should I use {% csrf_token %} inside of only one of my <form></form> tags, or should I place it in both? Further, if I do use it

Django's comments framework and CSRF

醉酒当歌 submitted on 2019-12-10 10:47:48
Question: I understand that the Django's comments framework was designed for anonymous public comments like you commonly see below a blog or an article. In other words, anyone can post comments. I am using the comments framework for only allowing logged in users to display comments. What I did was modify the form.html and hid the name, URL, and email field (leaving the security fields intact). So pretty much the user only sees a comment field. I wanted to use Django's comments since it already has

(Django) CSRF Verification for AJAX requests working in Chrome but not Firefox

随声附和 submitted on 2019-12-10 10:23:06
Question: As the title states, my (Django) CSRF verification is working in Chrome but not Firefox and I'd like to know why so I can fix this. I have this included in the head tag of my base.html file from which all other files in my application extend: base.html, bottom of the head tag <script> $(document).ready(function() { function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++

In what case can CSRF-exempt be dangerous?

白昼怎懂夜的黑 submitted on 2019-12-10 01:56:51
Question: This question is more a re-insurance than one directly about how to code. As an autodidact I did not have a lot of possibilities to ask professionals such things, so I try here. I have read the documents in the django-docs ( https://docs.djangoproject.com/en/1.3/ref/contrib/csrf/ ) and some info on that page: http://cwe.mitre.org/top25/#CWE-352 As far as I have understood, django delivers a token (some kind of pin-code) to a user. And to verify it really is him, he has to return it the next

Django CSRF token won't show

纵饮孤独 submitted on 2019-12-10 01:06:56
Question: Here's the relevant snippet of HTML in the template: <form action="/submit_text/" method="post"> {% csrf_token %} {% include "backbone/form_errors.html" %} {{form.as_p}} <input type="submit" value="Submit" /> </form> Here is my settings.py MIDDLEWARE_CLASSES declaration: MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware

POST method always return 403 Forbidden

心已入冬 submitted on 2019-12-09 14:36:44
Question: I have read Django - CSRF verification failed and several questions (and answers) related to django and POST method. One of the best-but-not-working-for-me answer is https://stackoverflow.com/a/4707639/755319 All of the approved answers suggest at least 3 things: Use RequestContext as the third parameter of render_to_response_call Add {% csrf_token %} in every form with POST method Check the MIDDLEWARE_CLASSES in settings.py I've done exactly as suggested, but the error still appeared. I use

Django 1.2.4 CSRF verification failed

柔情痞子 submitted on 2019-12-09 10:32:40
Question: Django 1.2 is consistently giving me this CSRF verification error when I perform a POST form. I "think" I've done all the things asked in the Django 1.2 docs, namely, Ensure MIDDLEWARE_CLASSES is included with 'django.middleware.csrf.CsrfViewMiddleware' Ensure the {% csrf_token %} <form action="/words/new/" method="post"> {% csrf_token %} {{ form.as_p }} <input type="submit" value="Enter" /> </form> Use RequestContext in my response def create(request): if request.method == 'POST': form =

What is CSRF Protection really for?

本小妞迷上赌 submitted on 2019-12-09 02:36:45
Question: I've been hearing about CSRF a long time ago, and the thing I hear most of the time is: Protecting against CSRF attacks is important so that someone doesn't submit your form automatically (using a bot or something) Well, that isn't 100% true, is it? I've been doing web scraping for about 3 years, and it is pretty straightforward to make a request, parse the csrftokenmiddleware field and POST it along with the other fields. So, what is it really for?
Answer 1: Imagine an e-banking web application

Django admin raises CSRF verification failed

有些话、适合烂在心里 submitted on 2019-12-08 19:44:35
Question: I've started new django project and enabled admin app. I can login to admin site but when I'm trying to add/change site or user I'm getting CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect. That's what I have in settings.py: TEMPLATE_LOADERS = ( 'django.template.loaders.filesystem.Loader', 'django.template.loaders.app_directories.Loader', ) MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions

How to use {% csrf_token %} in javascript

£可爱£侵袭症+ submitted on 2019-12-08 18:18:05
Question: In my users page, I have in place editing with ajax. And when I click edit, it works fine. But when I submit the form, it doesn't do anything. When I checked, this is the error: CSRF verification failed. Request aborted. So, how do I place {% csrf_token %} in my javascript? Please advise. Thank you. edit.js: function bookmark_edit() { var item = $(this).parent(); var url = item.find(".title").attr("href"); item.load("/save/?ajax&url=" + escape(url), null, function () { $("#save-form").submit