1、setting.py:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',#确认存在
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
2、html中的form添加模板标签{% csrf_token %}
<form action="." method="post">{% csrf_token %}
3、views.py
from django.shortcuts import render_to_response
from django.template import RequestContext
def some_view(request):
# ...
return render_to_response('my_template.html',
my_data_dictionary,
context_instance=RequestContext(request))
如果要屏蔽CSRF
方法1:注释掉django工程settings.py中
#'django.middleware.csrf.CsrfViewMiddleware'
方法2:django工程views.py添加屏蔽装饰器
from django.views.decorators.csrf import csrf_exempt @csrf_exempt def some_view(request): #...