问题描述
我正在尝试在 Django 中构建一个带有上传表单的页面,并且 GET 请求工作正常,但是当我发送文件时出现以下错误:CSRF verification failed. Request aborted。
我的观点很简单:
class ImportView(generic.FormView):
template_name = 'assignments/import.html'
form_class = ImportForm
success_url = reverse_lazy('assignment_import')
def post(self,request,*args,**kwargs):
form = self.get_form()
if form.is_valid():
# handle upload here
assignments = pd.read_excel(request.FILES['file'].file)
for i,assignment in assignments.iterrows():
assignment_obj = Assignment()
assignment_obj.name = assignment['name']
assignment_obj.save()
return self.form_valid(form)
else:
return self.form_invalid(form)
以及表单模板 (assignments/import.html):
<h2>Import assignments</h2>
{{ form.non_field_errors }}
{{ form.source.errors }}
{{ form.source }}
<form class="post-form assignments-import" method="POST" enctype="multipart/form-data">
{% csrf_token %}
<div class="row flexibel" style="clear: left;">
<div class="col">{{ form.file|add_class:form.file.name|as_crispy_field }}</div>
</div>
<button class="save btn btn-success" type="submit">Assignment</button>
</form>
在我的 settings.py 中有(相关部分):
BASE_DIR = Path(__file__).resolve().parent.parent
SECRET_KEY = os.getenv('DJANGO_SECRET',default='...')
DEBUG = True
ALLOWED_HOSTS = ['localhost','127.0.0.1','.example.com']
MAPS_URL = os.getenv('MAPS_URL',default="https://www.example.com")
DOMAIN_NAME = os.getenv('DOMAIN_NAME',default=".example.com")
# Production settings
CSRF_USE_SESSIONS = True
CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = True
DATA_UPLOAD_MAX_MEMORY_SIZE = True
DATA_UPLOAD_MAX_NUMBER_FIELDS = True
FILE_UPLOAD_MAX_MEMORY_SIZE = True
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_DOMAIN = DOMAIN_NAME
SECURE_REDIRECT_EXEMPT = DOMAIN_NAME
SESSION_COOKIE_DOMAIN = DOMAIN_NAME
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
# Application definition
INSTALLED_APPS = [
...,'django.contrib.admin','django.contrib.auth','django.contrib.contenttypes','django.contrib.sessions','django.contrib.messages','django.contrib.staticfiles',...
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware','django.contrib.sessions.middleware.SessionMiddleware','django.middleware.common.CommonMiddleware','django.middleware.csrf.CsrfViewMiddleware','django.contrib.auth.middleware.AuthenticationMiddleware','django.contrib.messages.middleware.MessageMiddleware','django.middleware.clickjacking.XFrameOptionsMiddleware',]
STATIC_URL = '/static/'
STATIC_ROOT = os.getenv('STATIC_ROOT',os.path.join(BASE_DIR,'static'))
MEDIA_ROOT = os.getenv('MEDIA_ROOT',Path(os.path.join(BASE_DIR,'uploads')).resolve())
当我将“生产设置”部分注释掉时,我没有收到错误消息(但我在进行左移扫描检查时确实收到了错误消息)。知道如何以安全的方式解决这个问题吗(我不想禁用 CSRF 验证,这似乎是一件不安全的事情)?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)