Tornado – ‘_xsrf’ argument missing from POST

我的 web server 在接收到 post 時會失敗, 並顯示錯誤訊息:

 '_xsrf' argument missing from POST

解法:
https://stackoverflow.com/questions/12890105/tornado-xsrf-argument-missing-from-post

I imagine you have Cross-site request forgery cookies enabled in your settings (by default it is on).

Tornado’s XSRF is here

To fix this turn it off in your settings:

settings = {
    "xsrf_cookies": False,
}

Note: Normally you dont want to turn this off and normally you’d be generating HTML in a template like this: Please note the xsrf bit which adds the XSRF cookie.

 <form method="post" action="/register">
     <input name="user_name" value="[email protected]"/>
     <input name="password" type="password"/>
     <input type="submit" value="submit"/>
{% raw xsrf_form_html() %}
 </form>

—EDIT following comments— Instead of:

  def get(self):
        loader = template.Loader("resources")
        page_contents = loader.load('register_page.html').generate()
        self.write(page_contents)

Do:

  def get(self):
     self.render("../resources/register_page.html")

or better:

  def get(self):
     self.render("register_page.html")

(and put it in your templates directory)

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *