Ctrl →

Rebra4 · Март 1, 2015 17:09:34

Какие возможные причины возникновения ошибки 403 при использовании форм?
У меня почему то ошибка возникает при смене языка.

Отредактировано Rebra4 (Март 1, 2015 17:15:47)

terabayt · Март 1, 2015 17:15:29

при использованнии форм? прост форм или ajax?
у меня когда пишет 403 я смотрю на права папок, в большинстве случаев помогает изменение прав

————————————————
-*- Simple is better than complex -*-

Rebra4 · Март 1, 2015 17:19:38

Форм. Меняю язык и сразу при нажатии на кнопку возникает ошибка 403.

Отредактировано Rebra4 (Март 1, 2015 19:01:50)

Rebra4 · Март 1, 2015 19:01:25

передал get вместо post, заработало нормально.

terabayt · Март 1, 2015 19:07:05

ага
1) нужно было показать файлы html и views
2) включить debug и написать ошибку
эт чтобы мы могли вам помочь в следующий раз
и вот почитайте
csrf

————————————————
-*- Simple is better than complex -*-

Rebra4 · Март 1, 2015 19:40:07

views.py

def current(request):
	profile = Knowledge.objects.all()
	paginator = Paginator(profile, 2)
	page = request.GET.get('page')
	try:
		contacts = paginator.page(page)
	except PageNotAnInteger:
		contacts = paginator.page(1)
	except EmptyPage:
		contacts = paginator.page(paginator.num_pages)
	return render_to_response('index.html',{'text':contacts},RequestContext(request))

index.html

{% extends "base.html" %}
{% load bootstrap3 %}
{% load i18n %}
{% block content %}
<div class="well well-sm">
<form method="post" action="/next_read/" enctype="multipart/form-data">
{% for text in text %}
<div class="well well-sm">
<h3 style="color:gray;">{{text.name_post}}</h3>
<section id="examples" class="examples-section">
<div class="container">
<div class="image-row">
<div class="image-set">
<a class="example-image-link" href="{{ text.photo.url }}" data-lightbox="example-set" data-title="{{text.name_image}}"><img class="example-image" src="{{ text.avatar_thumbnail.url }}" alt=""/></a>
</div>
</div>
</div>
<br>
</section>
<strong class="muted" style="color:gray;">{{text.name_category}}</strong>
<br>
<strong style="color:gray;">{{text.date_post}}</strong>
<p>
{{text.short_post}}
</p>
<p>
<button class="btn btn-large btn-primary" type="submit" value="{% trans 'Submit' %}">Читать дальше</button>
</p>
<hr>
</div>
{% endfor %}
<h5>
<div style="text-align: center;">
{% bootstrap_pagination text %}
</div>
</form>
</h5>
</div>
{% endblock %}

Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF token missing or incorrect.
    
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
    Your browser is accepting cookies.
    The view function uses RequestContext for the template, instead of Context.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.

Отредактировано Rebra4 (Март 1, 2015 19:49:44)

terabayt · Март 1, 2015 19:50:57

How to use it
To enable CSRF protection for your views, follow these steps:

1) Add the middleware ‘django.middleware.csrf.CsrfViewMiddleware’ to your list of middleware classes, MIDDLEWARE_CLASSES. (It should come before any view middleware that assume that CSRF attacks have been dealt with.)

Alternatively, you can use the decorator csrf_protect() on particular views you want to protect (see below).

2) In any template that uses a POST form, use the csrf_token tag inside the <form> element if the form is for an internal URL, e.g.:

<form action="." method="post">{% csrf_token %}

This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.

3) In the corresponding view functions, ensure that the ‘django.core.context_processors.csrf’ context processor is being used. Usually, this can be done in one of two ways:

a) Use RequestContext, which always uses ‘django.core.context_processors.csrf’ (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.

b) Manually import and use the processor to generate the CSRF token and add it to the template context. e.g.:

from django.core.context_processors import csrf
from django.shortcuts import render_to_response
def my_view(request):
    c = {}
    c.update(csrf(request))
    # ... view code here
    return render_to_response("a_template.html", c)

You may want to write your own render_to_response() wrapper that takes care of this step for you.

The utility script extras/csrf_migration_helper.py (located in the Django distribution, but not installed) can help to automate the finding of code and templates that may need these steps. It contains full help on how to use it.

нашел на русском http://djbook.ru/rel1.7/ref/contrib/csrf.html

————————————————
-*- Simple is better than complex -*-

Отредактировано terabayt (Март 1, 2015 19:54:52)

Rebra4 · Март 1, 2015 19:59:21

это не помогло, если применять post. Проблема скорее всего связана с интернационализацией.

Отредактировано Rebra4 (Март 1, 2015 20:01:12)

terabayt · Март 1, 2015 20:00:49

что вы сделали?
включите debug и покажите что пишет

————————————————
-*- Simple is better than complex -*-

Rebra4 · Март 1, 2015 20:05:36

Запрос
View
View функция 	Аргументы 	Именованные аргументы 	URL Name
newsite.views.current_next 	() 	{} 	life_next
Cookies
Переменная 	Значение
'csrftoken' 	'nUyQH4xZYqO16QP0hJB4m8zSf6ofLuyy'
'djdt' 	'hide'
'messages' 	'f77ce6517143768491eae38d1c4f32c02d752f65$[["__json_message",0,25,"category go \\"\\u0411\\u0440\\u043e\\u043d\\u0435\\u0442\\u0435\\u0445\\u043d\\u0438\\u043a\\u0430 > \\u041a\\u0430\\u0440\\u0442\\u043e\\u0448\\u043a\\u0430\\" \\u0431\\u044b\\u043b \\u0443\\u0441\\u043f\\u0435\\u0448\\u043d\\u043e \\u0438\\u0437\\u043c\\u0435\\u043d\\u0435\\u043d."],["__json_message",0,25,"category go \\"\\u041f\\u0440\\u0438\\u0440\\u043e\\u0434\\u0430 > \\u0417\\u0430\\u043f\\u0430\\u0434\\" \\u0431\\u044b\\u043b \\u0443\\u0441\\u043f\\u0435\\u0448\\u043d\\u043e \\u0438\\u0437\\u043c\\u0435\\u043d\\u0435\\u043d."],["__json_message",0,25,"knowledge \\"\\u041f\\u043e\\u0434\\u043b\\u043e\\u0434\\u043a\\u0430\\" \\u0431\\u044b\\u043b \\u0443\\u0441\\u043f\\u0435\\u0448\\u043d\\u043e \\u0434\\u043e\\u0431\\u0430\\u0432\\u043b\\u0435\\u043d."],["__json_message",0,25,"category \\"\\u0424\\u0438\\u0437\\u0438\\u043a\\u0430\\" \\u0431\\u044b\\u043b \\u0443\\u0441\\u043f\\u0435\\u0448\\u043d\\u043e \\u0434\\u043e\\u0431\\u0430\\u0432\\u043b\\u0435\\u043d."]]'
'sessionid' 	'5fy1fbla939xt6sgighlwuay96fzklng'
Сессия
Переменная 	Значение
u'_auth_user_backend' 	u'django.contrib.auth.backends.ModelBackend'
u'_auth_user_id' 	1
u'_messages' 	u'[["__json_message",0,25,"category \\"\\u041f\\u0440\\u0438\\u0440\\u043e\\u0434\\u0430\\" \\u0431\\u044b\\u043b \\u0443\\u0441\\u043f\\u0435\\u0448\\u043d\\u043e \\u0438\\u0437\\u043c\\u0435\\u043d\\u0435\\u043d."]]'
u'django_language' 	u'ru'
Нет GET данных
Нет POST данных

Сигналы
Сигнал 	Providing 	Получатели сигнала
class_prepared 	class 	ensure_default_manager, do_pending_lookups
connection_created 	connection 	
got_request_exception 	request 	
post_delete 	instance, using 	
post_init 	instance 	ModelSignalRouter.post_init_receiver, ImageField.update_dimension_fields, ImageField.update_dimension_fields, delete_mt_init
post_save 	update_fields, instance, created, using, raw 	ModelSignalRouter.post_save_receiver
post_syncdb 	app, db, class, created_models, verbosity, interactive 	
pre_delete 	instance, using 	clear_site_cache, mymodel_delete, ModelBase.changed
pre_init 	instance, args, kwargs 	
pre_save 	update_fields, instance, using, raw 	clear_site_cache, ModelBase.changed
request_finished 		close_old_connections, LocMemCache.close, DummyCache.close
request_started 		reset_queries, close_old_connections

Сомневаюсь что от этого есть польза

+с терминала

[01/Mar/2015 18:01:47] "POST /next_read/ HTTP/1.1" 403 12556
[01/Mar/2015 18:02:46] "GET /__debug__/render_panel/?store_id=e2d4925a3b7446f0acaa12a3db743538&panel_id=SignalsPanel HTTP/1.1" 200 1894
[01/Mar/2015 18:03:04] "GET /__debug__/render_panel/?store_id=e2d4925a3b7446f0acaa12a3db743538&panel_id=RequestPanel HTTP/1.1" 200 3568
[01/Mar/2015 18:03:17] "GET /__debug__/render_panel/?store_id=e2d4925a3b7446f0acaa12a3db743538&panel_id=TimerPanel HTTP/1.1" 200 1465
[01/Mar/2015 18:03:17] "GET /static/debug_toolbar/js/toolbar.timer.js?_=1425232907384 HTTP/1.1" 200 2570
[01/Mar/2015 18:05:02] "GET /__debug__/render_panel/?store_id=e2d4925a3b7446f0acaa12a3db743538&panel_id=LoggingPanel HTTP/1.1" 200 39

Отредактировано Rebra4 (Март 1, 2015 20:07:54)

Python-сообщество

Уведомления

#1 Март 1, 2015 17:09:34

403 ошибка

#2 Март 1, 2015 17:15:29

403 ошибка

#3 Март 1, 2015 17:19:38

403 ошибка

#4 Март 1, 2015 19:01:25

403 ошибка

#5 Март 1, 2015 19:07:05

403 ошибка

#6 Март 1, 2015 19:40:07

403 ошибка

#7 Март 1, 2015 19:50:57

403 ошибка

#8 Март 1, 2015 19:59:21

403 ошибка

#9 Март 1, 2015 20:00:49

403 ошибка

#10 Март 1, 2015 20:05:36

403 ошибка

Board footer