我正在研究Django 1.4.2版.
我已经实现了这个简单的表单示例(灵感来自
djangobook):
# views.py
from django.shortcuts import render
from django.http import HttpResponseRedirect
from django.core.mail import send_mail
from mysite.contact.forms import ContactForm
def contact(request):
if request.method == 'POST':
form = ContactForm(request.POST)
if form.is_valid():
cd = form.cleaned_data
send_mail(
cd['subject'],
cd['message'],
cd.get('email', 'noreply@example.com'),
['siteowner@example.com'],
)
return HttpResponseRedirect('/contact/thanks/')
else:
form = ContactForm()
return render(request, 'contact_form.html', {'form': form})
# contact_form.html
<html>
<head>
<title>Contact us</title>
</head>
<body>
<h1>Contact us</h1>
{% if form.errors %}
<p style="color: red;">
Please correct the error{{ form.errors|pluralize }} below.
</p>
{% endif %}
<form action="" method="post">
<table>
{{ form.as_table }}
{% csrf_token %}
</table>
<input type="submit" value="Submit">
</form>
</body>
</html>
# forms.py
from django import forms
class ContactForm(forms.Form):
subject = forms.CharField()
email = forms.EmailField(required=False)
message = forms.CharField()
一切都适用于我尝试过的所有浏览器(chrome,maxthon,firefox),但在IE9中,我得到了HTTP 403拒绝.
关于导致什么的任何线索?
编辑:经过深入调查后,我发现问题来自于:当询问空表格时,导航器会收到csrf cookie,但由于未知原因,它在发布表单时不会发回这个cookie.这个问题似乎只有当cookie来自pythonanywhere.com的nginx服务器时才会出现,当我从我自己的apache服务器测试时,cookie被发送回来确定.
以下是从服务器捕获的两个标头:
HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Wed, 21 Nov 2012 13:56:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Cookie
Set-Cookie: csrftoken=1AJjzkbUgJdKAmkbiHicJ3or2Mfi6AbD; expires=Wed, 20-Nov-2013 13:56:31 GMT; Max-Age=31449600; Path=/
HTTP/1.1 200 OK
Date: Wed, 21 Nov 2012 13:56:50 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Cookie
Set-Cookie: csrftoken=2iMZSH1s0vJnEt4tRRY7FciT1Q7orrVF; expires=Wed, 20-Nov-2013 13:56:50 GMT; Max-Age=31449600; Path=/
Keep-Alive: timeout=180, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
唯一显着的区别似乎是来自apache的Kee-Alive标题……
你认为它可以来自那里吗?
最佳答案 {%csrf_token%}输出< input type =“hidden”…>标签,也许IE9忽略它,因为它是表的直接子,而不是在单元格内.
尝试在< input type =“submit”value =“Submit”>旁边移动{%csrf_token%}