当页面中form使用POST方式向后台提交时，报如下错误：

禁止访问 (403)

CSRF验证失败. 请求被中断.

Help

Reason given for failure:

​ CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

• Your browser is accepting cookies.

• The view function passes a request to the template's render method.

• In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.

• If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

• The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

  You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

  You can customize this page using the CSRF_FAILURE_VIEW setting.

在网上查找了很多资料，普遍采用的解决方法是：

1. 检查settings.py中是否有下面的配置，如没有加上：

   MIDDLEWARE_CLASSES = (

   'django.middleware.common.CommonMiddleware',

   'django.contrib.sessions.middleware.SessionMiddleware',

   'django.middleware.csrf.CsrfViewMiddleware', # 确认存在

   'django.contrib.auth.middleware.AuthenticationMiddleware',

   'django.contrib.messages.middleware.MessageMiddleware',

   'django.middleware.clickjacking.XFrameOptionsMiddleware',

   )

2. html中的form添加模板标签{% csrf_token %}

   <form action="/saveBlog/" method="post">

   {% csrf_token %}

   ...

   </form>

3. 针对views.py进行修改

   from django.shortcuts import render_to_response

   from django.template import RequestContext

   def some_blog(request):

   # ...

   return render_to_response('my_template.html',

   my_data_dictionary,

   context_instance=RequestContext(request))

   以上各步都基本照做了。其中针对视图的修改，因我的写法与网上不一样，我的是：

   def edit_blog(request):

   template = get_template('editBlog.html')

   moods = Mood.objects.all()

   html = template.render(locals())

   ``

   return HttpResponse(html)

   因为官方文档上说render是render_to_response的shortcut，所以没有照网站资料上说的去改。于是错误总是无法解决。

几番挣扎之后，终于在Django出错页面中自己给出的解决办法中有一条：The view function passes a request to the template's rendermethod.（即：视图函数中传递 request 给模板的render方法）。

按这个访求修改后，终于解决问题了！！

def edit_blog(request):

template = get_template('editBlog.html')

moods = Mood.objects.all()

html = template.render(locals(), request) # 把request传递给template.render()

``

return HttpResponse(html)