Problem with {% csrf_token %}

The code below follows the book (Django 架站的16堂課, roughly pages 8-19 to 8-22).

Environment: Django 1.10, Python 2.7

As the book says, I put {% csrf_token %} between <form></form>, as in posting.html below, and the corresponding view function is the posting function defined below. But I still get the following error message:

Help

Reason given for failure:

    CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

- Your browser is accepting cookies.
- The view function passes a request to the template's render method.
- In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
- If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
- The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

Then, following the hints above about Django's CSRF mechanism and render, I replaced these lines with a single render call:

    template = get_template('posting.html')
    request_context = RequestContext(request)
    request_context.push(locals())
    html = template.render(request_context)
    return HttpResponse(html)

That is, I changed them to:

    return render(request, 'posting.html', locals())

and the error message went away.

I'd like to ask everyone: is the way the book writes it wrong? If it is, how do I fix it while still using RequestContext and template.render()? If it isn't, where did I go wrong? xd

    def posting(request):
        moods = models.Mood.objects.all()
        message = "如要張貼訊息,則每一個欄位都要填..."
        template = get_template('posting.html')
        request_context = RequestContext(request)
        request_context.push(locals())
        html = template.render(request_context)
        return HttpResponse(html)

posting.html:

    {% extends "base.html" %}
    {% block title %}我有話要說{% endblock %}
    {% block content %}
    <div class='container'>
    {% if message %}
        <div class='alert alert-warning'>{{message}}</div>
    {% endif %}
    <form name='my form' action='.' method='POST'>
        {% csrf_token %}
        現在的心情:<br/>
        {% for m in moods %}
        <input type='radio' name='mood' value='{{m.status}}'>{{m.status}}
        {% endfor %}
        <br/>
        心情留言板:<br/>
        <textarea name='user_post' rows=3 cols=70></textarea><br/>
        <label for='user_id'>你的暱稱:</label>
        <input id='user_id' type='text' name='user_id'>
        <label for='user_pass'>張貼/刪除密碼:</label>
        <input id='user_pass' type='password' name='user_pass'>
        <input type='submit' value='張貼'>
        <input type='reset' value='清除重填'>
    </form>
    </div>
    {% endblock %}

--
※ Origin: PTT (ptt.cc), from: 114.43.86.76
※ Article URL: https://www.ptt.cc/bbs/Python/M.1501812320.A.517.html
※ Edited: left (114.43.86.76), 08/04/2017 10:07:22
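uranusjr: The book is probably too old; this looks like the pre-1.7 way of writing it 08/04 21:25
uranusjr: Change the middle three lines to html = template.render(locals(), request) 08/04 21:26
uranusjr: and that's all; you can ignore RequestContext entirely 08/04 21:26
uranusjr: The detailed reason has to do with the template refactoring in Django 1.8 08/04 21:28
uranusjr: Also, um, if you want to learn Django you have other options; this book may not be the best 08/04 21:29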