现象：

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

Your browser is accepting cookies.

The view function uses RequestContext for the template, instead of Context.

In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.

If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

解决步骤:

1〉django工程settings.py

MIDDLEWARE_CLASSES = (    'django.middleware.common.CommonMiddleware',    'django.contrib.sessions.middleware.SessionMiddleware',    'django.middleware.csrf.CsrfViewMiddleware',#确认存在    'django.contrib.auth.middleware.AuthenticationMiddleware',    'django.contrib.messages.middleware.MessageMiddleware',    # Uncomment the next line for simple clickjacking protection:    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',)

2〉html中的form添加模板标签{% csrf_token %}

     
      {% csrf_token %}
     

3〉django工程views.py

from django.shortcuts import render_to_responsefrom django.template import RequestContextdef some_view(request):    # ...    return render_to_response('my_template.html',                              my_data_dictionary,                              context_instance=RequestContext(request))

有疑问请戳

P.S如果要屏蔽CSRF

方法1：注释掉django工程settings.py中

#'django.middleware.csrf.CsrfViewMiddleware'

方法2：django工程views.py添加屏蔽装饰器

from django.views.decorators.csrf import csrf_exempt @csrf_exemptdef some_view(request):    #...