Integriert die django-jquery-file-upload in mein Django-Projekt. Upload und Ansicht der Liste funktioniert jetzt. aber kann die Datei nicht löschen.403 FORBIDDEN beim Löschen der Datei im Django-Projekt
Details:
Die Datei ist im Verzeichnis/opt/data/myproject/uploads/Bild
Berechtigungen:
drwxrwxrwx 2 Daemon Daemon 39 10. Juni 15.50 Bilder
class FileListView(ListView):
model = Picture
def render_to_response(self, context, **response_kwargs):
files = [ serialize(p) for p in self.get_queryset() ]
data = {'files': files}
response = JSONResponse(data, mimetype=response_mimetype(self.request))
response['Content-Disposition'] = 'inline; filename=files.json'
return response
Teil von picture_form.html:
<form id="fileupload" method="post" action="." enctype="multipart/form-data">{% csrf_token %}
setting.py
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'lib.middleware.SessionTimeout',
'django.middleware.csrf.CsrfViewMiddleware',
#'django.middleware.csrf.CsrfResponseMiddleware',
#'django.middleware.security.SecurityMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
)
Anfrage
Host: xxx
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-CSRFToken: xxxxx
X-Requested-With: XMLHttpRequest
Referer: https://myip/myprojectl/upload/new/
Cookie: csrftokenportal=a
zk;
csrftokenmy=DKoPqrRjSd;
sessionidcentral=k88cccccc3;
csrftoken=xxxxxxxxxxxxx
Connection: keep-alive
DELETE https://myip/myproject/upload/delete/22
Fehler
403 Forbidden
Irgendeine Idee?
DankWeitere Details
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
die doc Lesen, scheint es, dass ich bereits die drei Anforderungen getan.
Vielleicht kann Ihnen das helfen: http://StackOverflow.com/Questions/4547639/Django-csrf-verification-failed – gglasses
@Gglasses versucht, immer noch in der Ausgabe stecken. Vielleicht habe ich etwas falsch gemacht. oder etwas fehlt. – BAE