Django provides users with the ability to prevent cross-site request forgery
You need to configure settings.py:
Django.middleware.csrf.CsrfViewMiddleware
1. Form form submission
<form action= "/logi/" method= "POST" > {% csrf_token%} #需要在form表单中添加 {% csrf_token%} <input type= "Text" name= "user"/> <input type= "text" name= "pwd"/> <input type= "checkbox" Name= "RMB" value= "1" /> 10 sec Free Login <input type= "Submit" value= "Commit"/></form>
2. Ajax Way to submit
JS uses Ajax to submit data, adding Csrf<script src= "/static/jquery.min.js" ></script><script src= "/static/ Jquery.cookie.js "></script><script> $ (function () { $ (' #btn '). Click (function () { $. Ajax ({ URL: '/logi/', type: ' POST ', data: {' user ': ' Root ', ' pwd ': ' 123 '}, headers: {' X-csrftoken ': $. Cookie (' Csrftoken ')}, #设置csrftoken到http响应头中 where the key is X-csrftoken is Django fixed success:function (ARG) { } }) }) }) </script>
Django-website Program Case Series -1 CSRF