Tuesday, September 6, 2011

Django Csrf verification failed


The first problem I met was connecting Django with MySQL.
The fix was installing MySQLdb (or MySQL-python) from the site:

The second problem is "Forbidden (403) CSRF verification failed. Request aborted."
Assuming everything else is fine, the solution is to add the line
'django.middleware.csrf.CsrfResponseMiddleware',
to MIDDLEWARE_CLASSES in settings.py.



How to use CSRF

To enable CSRF protection for your views, follow these steps:
  1. Add the middleware 'django.middleware.csrf.CsrfViewMiddleware' to your list of middleware classes, MIDDLEWARE_CLASSES. (It should come before any view middleware that assumes that CSRF attacks have been dealt with.)
    Alternatively, you can use the decorator csrf_protect() on particular views you want to protect (see below).
  2. In any template that uses a POST form, use the csrf_token tag inside the
    <form> element if the form is for an internal URL, e.g.:
    <form action="" method="post">{% csrf_token %}
    This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability.
  3. In the corresponding view functions, ensure that the 'django.core.context_processors.csrf' context processor is being used. Usually, this can be done in one of two ways:
    1. Use RequestContext, which always uses 'django.core.context_processors.csrf' (no matter what your TEMPLATE_CONTEXT_PROCESSORS setting). If you are using generic views or contrib apps, you are covered already, since these apps use RequestContext throughout.
    2. Manually import and use the processor to generate the CSRF token and add it to the template context. e.g.:
      from django.core.context_processors import csrf
      from django.shortcuts import render_to_response

      def my_view(request):
          c = {}
          c.update(csrf(request))
          # ... view code here
          return render_to_response("a_template.html", c)
      You may want to write your own render_to_response() wrapper that takes care of this step for you.
The utility script extras/csrf_migration_helper.py can help to automate the finding of code and templates that may need these steps. It contains full help on how to use it.
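To make the three steps above concrete, here is an added, dependency-free stand-in for what the middleware and the csrf_token tag do together (example code written for this post, not Django's own implementation): a per-session token is issued, the tag emits it as a hidden field only for internal URLs, and the middleware-style check accepts a POST only when the cookie token and the form token match. The names issue_token, csrf_hidden_input and verify_csrf are assumed for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Methods Django treats as safe: they are never CSRF-checked.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def issue_token() -> str:
    """Random per-session token, as the csrftoken cookie would carry it."""
    return secrets.token_hex(16)


def csrf_hidden_input(token: str, action: str, our_host: str) -> str:
    """Mimic {% csrf_token %}: emit the hidden field only for internal URLs.

    A form whose action points at another host gets no token at all, so the
    token cannot leak to a third party (step 2's caveat)."""
    host = urlsplit(action).netloc
    if host and host != our_host:
        return ""
    return f'<input type="hidden" name="csrfmiddlewaretoken" value="{token}">'


def verify_csrf(method: str, cookies: dict, post: dict) -> tuple[int, str]:
    """Middleware-style check. Returns (status, reason); 200 means accept."""
    if method in SAFE_METHODS:
        return 200, "safe method, no check"
    cookie_token = cookies.get("csrftoken")
    if not cookie_token:
        return 403, "CSRF cookie not set"
    form_token = post.get("csrfmiddlewaretoken", "")
    # Constant-time comparison so a mismatch does not leak timing information.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return 403, "CSRF token missing or incorrect"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed walk-through: a form rendered with the token, then a POST
    # that carries it and a forged POST that does not.
    tok = issue_token()
    print(csrf_hidden_input(tok, "/submit/", "myapp.example"))
    print(verify_csrf("POST", {"csrftoken": tok}, {"csrfmiddlewaretoken": tok}))
    print(verify_csrf("POST", {"csrftoken": tok}, {}))
```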
