Therefore, if the HTML for a form submitted via POST looks like the following, Django raises an exception:
CSRF token missing or incorrect.
<form action="{%url listenCms:submitComment articleObj.id %}" method="post">
<div class="commentTextArea">
<textarea name="content" cols="" rows=""></textarea>
<input name="articleId" type="hidden" value="{{ articleObj.id }}" />
</div>
<input name="submit" value="提交評論" type="submit" />
</form>
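The same exception message also gives the solution:
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
So the HTML becomes the following, with {% csrf_token %} added inside the form element.
Django's template engine automatically renders this tag into a snippet of HTML: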
<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='a7ad524eaa3c6f536a6afb7b56a40421' /></div>
The HTML with {% csrf_token %} added:
<form action="{%url listenCms:submitComment articleObj.id %}" method="post">{% csrf_token %}
<div class="commentTextArea">
<textarea name="content" cols="" rows=""></textarea>
<input name="articleId" type="hidden" value="{{ articleObj.id }}" />
</div>
<input name="submit" value="提交評論" type="submit" />
</form>
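The rule quoted from the exception message can be checked across templates before they ship. The following is an added example, not code from the original post or from Django: a regex-based audit (not a full HTML parser) that flags POST forms with an internal target and no {% csrf_token %}, and also flags forms posting to an external URL that do include the tag, since that would send the token to another site. The function name, the finding labels and the third form in the sample are constructed for illustration.

```python
import re

# Regex-based audit; adequate for simple templates, not a full HTML parser.
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.I | re.S)
METHOD_POST_RE = re.compile(r"\bmethod\s*=\s*[\"']?\s*post\b", re.I)
ACTION_RE = re.compile(r"\baction\s*=\s*(?:\"([^\"]*)\"|'([^']*)')", re.I)
EXTERNAL_RE = re.compile(r"(?:https?:)?//", re.I)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def audit_template(source):
    """Return (line_number, finding) for each POST form that breaks the rule."""
    findings = []
    for m in FORM_RE.finditer(source):
        attrs, body = m.group(1), m.group(2)
        if not METHOD_POST_RE.search(attrs):
            continue  # only POST forms are covered by the rule checked here
        line = source.count("\n", 0, m.start()) + 1
        action = ACTION_RE.search(attrs)
        target = (action.group(1) or action.group(2) or "") if action else ""
        external = EXTERNAL_RE.match(target.strip()) is not None
        has_token = TOKEN_RE.search(body) is not None
        if external and has_token:
            findings.append((line, "token-leaked-to-external-url"))
        elif not external and not has_token:
            findings.append((line, "missing-csrf-token"))
    return findings


# Constructed sample: the page's two forms (shortened) plus an external target.
SAMPLE = '''<form action="{%url listenCms:submitComment articleObj.id %}" method="post">
<textarea name="content"></textarea>
</form>
<form action="{%url listenCms:submitComment articleObj.id %}" method="post">{% csrf_token %}
<textarea name="content"></textarea>
</form>
<form action="https://payments.example/charge" method="POST">{% csrf_token %}
<input name="amount" />
</form>
'''

if __name__ == "__main__":
    for line, finding in audit_template(SAMPLE):
        print(f"line {line}: {finding}")
```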