1. 为什么要有csrf_token?
防止跨站请求伪造
2. Django中如何使用?
urls.py:
urlpatterns = [ # 测试跨站请求伪造 (CSRF) url(r'^csrf_test/$', views.csrf_test), ]
views.py
def csrf_test(request): if request.method == "POST": print(request.POST) return HttpResponse("OK") return render(request, "csrf_test.html")
csrf_test.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Title</title> </head> <body> <form action="" method="post"> {% csrf_token %} <input type="text" name="name"> <input type="submit" value="提交"> </form> </body> </html>
注意:
在render的页面上写上{% csrf_token %}
3. 如果是form表单形式提交,必须放在form表单中