Hello everyone,

I'm getting my hands dirty and here is my first problem.
When I try to submit my form (to test the error handling), I get the following error:

FORBIDDEN (403)
CSRF verification failed. Request aborted.

HELP
Reason given for failure:
CSRF cookie not set.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism [1] has not been used correctly. For POST forms, you need to ensure:

* Your browser is accepting cookies.
* The view function uses RequestContext [2] for the template, instead of Context.
* In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
* If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

Here is what I have concerning CSRF:

settings.py:

MIDDLEWARE_CLASSES = (
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

My template:

{% extends "base.html" %}
{% block title %}Connexion{% endblock %}
{% block bodyId %}loginPage{% endblock %}
{% block content %}
<form action="." method="POST">
  {% csrf_token %}
  {% if error %}
  <p class="error">{{ error }}</p>
  {% endif %}
  <p>
    <label for="email">Courriel:</label>
    <input name="email" id="email" size="30" type="email" />
  </p>
  <p>
    <label for="password">Mot de passe:</label>
    <input name="password" id="password" size="30" type="password" />
  </p>
  <p>
    <input type="submit" value="Se connecter"/>
    <a href="">Créer un compte</a>
  </p>
</form>
{% endblock %}

My view:

# -*- coding: utf-8 -*-
'''
Created on 8 nov. 2012

@author: m.cornelis
'''
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from datetime import datetime


def welcome(request):
    return render_to_response('welcome.html',
                              {'current_date_time': datetime.now})


def login(request):
    # Check whether the form was submitted
    if len(request.POST) > 0:
        # Check that the expected parameters were sent
        if 'email' not in request.POST or 'password' not in request.POST:
            error = "Veuillez entrer votre adresse email et votre mot de passe."
            return render_to_response('login.html', {'error': error})
        else:
            email = request.POST['email']
            password = request.POST['password']
            # Check whether the password is the right one
            if password != 'password' or email != '[email protected]':
                error = "Adresse email ou mot de passe erroné."
                return render_to_response('login.html', {'error': error})
            # Everything is fine, go to the home page (welcome)
            else:
                return HttpResponseRedirect('/welcome')
    # The form was not submitted
    else:
        return render_to_response('login.html')

Thank you :)

--
Michaël Cornelis
Rue Terne des vaches N°8
6460 Chimay
Mobile: +32 (0)475/ 517.866
Landline: +32 (0)60/ 779.010
E-Mail: [email protected]
______________________________
http://nut.lu [3] | URL shortener

Links:
------
[1] http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf
[2] http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext
[3] http://nut.lu
_______________________________________________
django mailing list
[email protected]
http://lists.afpy.org/mailman/listinfo/django
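
Added example (not part of the original message, and not Django's own code): a simplified, standard-library-only model of the behaviour behind the "CSRF cookie not set." reason quoted in the error page above. It assumes, as in Django, that the csrftoken cookie is only sent when the token was read while the template was rendered, which a plain Context never does; the function names and the request dictionary are hypothetical.

```python
import re
import secrets

NO_COOKIE = "CSRF cookie not set."             # reason shown in the 403 page above
BAD_TOKEN = "CSRF token missing or incorrect."


def render_form(request, use_request_context):
    """Model of rendering {% csrf_token %} in login.html."""
    if not use_request_context:
        return "<form></form>"                 # plain Context: no token to output
    request["csrf_used"] = True                # the context processor read the token
    return ('<form><input type="hidden" name="csrfmiddlewaretoken" value="%s"></form>'
            % request["csrf_token"])


def handle(method, cookies, post, use_request_context):
    """One request through the modelled middleware and login view.
    Returns (status, reason, cookies_to_set, body)."""
    request = {"csrf_token": cookies.get("csrftoken") or secrets.token_hex(16),
               "csrf_used": False}
    if method == "POST":
        if "csrftoken" not in cookies:
            return 403, NO_COOKIE, {}, ""
        sent = post.get("csrfmiddlewaretoken", "")
        if not secrets.compare_digest(sent, cookies["csrftoken"]):
            return 403, BAD_TOKEN, {}, ""
        return 302, None, {}, ""               # view runs and redirects
    body = render_form(request, use_request_context)
    # The cookie is only sent when the token was actually used while rendering.
    to_set = {"csrftoken": request["csrf_token"]} if request["csrf_used"] else {}
    return 200, None, to_set, body


def login_roundtrip(use_request_context):
    """GET the form, then POST it back as a browser would; returns (status, reason)."""
    jar = {}
    _, _, to_set, body = handle("GET", jar, {}, use_request_context)
    jar.update(to_set)
    form = {"email": "user@example.test", "password": "constructed"}  # constructed input
    match = re.search(r'name="csrfmiddlewaretoken" value="([0-9a-f]+)"', body)
    if match:
        form["csrfmiddlewaretoken"] = match.group(1)
    status, reason, _, _ = handle("POST", jar, form, use_request_context)
    return status, reason


if __name__ == "__main__":
    print("plain Context: ", login_roundtrip(False))
    print("RequestContext:", login_roundtrip(True))
```

In the model, the first round trip reproduces the 403 because the GET never delivered a cookie, while the second succeeds because rendering with the request-aware context both emits the hidden field and triggers the cookie.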