Python requests and django - CSRF validation failed. Request aborted

Question

Python requests and django - CSRF validation failed. Request aborted

I have a django server to download files, and when I use the browser, I can download the file without any problems.

But if I use the python-requests commands, this tells me that the CSRF check failed. Request aborted. The python request code is executed as follows:

    #upload via HTTP
    file = {"docfile": open(fullfilename, "rb")}
    s = requests.Session()
    r = s.get(dhost)
    r = s.post(dhost, files=file)

If I execute my code, I get the 403 code, and the CSRF error check failed. Request aborted. Reason identified for failure: CSRF token is missing or incorrect.

But if I look in the header that I sent, I have a set of cookies:

CaseInsensitiveDict({'Content-Length': u'84169', 
'Accept-Encoding': 'gzip, deflate, compress', 
'Accept': '*/*', 
'User-Agent': 'python-requests/2.0.1 CPython/2.7.3 Linux/3.6.11+', 
'Cookie': 'csrftoken=GOOIsG89i5oMCJO6594algTXooxoUeoL', 
'Content-Type': 'multipart/form-data; boundary=86ada00b4f6c41d5997293cce7a53b6b'})

Could you tell me what I have to do to make this work?

Thanks,

John.

+4

python django

user2040597 Nov 27 '13 at 20:31

source share

3 answers

yuvi · Answer 1 · 2013-11-27T20:39:06+0000

, , csrf. , csrf {% csrf_token %}. , , csrf.

, cookie "get", "". , CSRF. , :

file = {"docfile": open(fullfilename, "rb")}
s = requests.Session()
r1 = s.get(dhost)
csrf_token = r1.cookies['csrftoken']
r2 = s.post(dhost, files=file, data={'csrfmiddlewaretoken': csrf_token}, headers=dict(Referer=dhost))

, csrf csrf_exampt:

@csrf_exempt
def my_view(request):
   ...whateva...

, ,

7stud · Answer 2 · 2015-12-19T23:06:32+0000

python-requests, CSRF . , , cookie:

  'Content-Length': u'84169', 
  'Accept-Encoding': 'gzip, deflate, compress', 
  'Accept': '/', 
  'User-Agent': 'python-requests/2.0.1 CPython/2.7.3 Linux/3.6.11+',
  'Cookie': 'csrftoken=GOOIsG89i5oMCJO6594algTXooxoUeoL',
  'Content-Type': 'multipart/form-data; boundary=86ada00b4f6c41d5997293cce7a53b6b

:

1) cookie csrftoken.

2) / :

"csrfmiddlewaretoken" = "csrf token here"

A requests cookie , / :

sess = requests.Session()
r = sess.get(get_url)
my_csrf_token = r.cookies['csrftoken']

with open('myfile.txt') as f:
    r = sess.post(
        post_url,
        data = {
            "csrfmiddlewaretoken": my_csrf_token,
        },
        files = {"myfile": f}

)

print r.status_code
print r.text

html django csrf:

<form name="myMessage" 
      method="post" 
      class="signin" 
      action="/myapp/process_form/"
      enctype="multipart/form-data">

{% csrf_token %}

csrf tag :

<input type="hidden" 
       value="RTpun6OhlRehRRa2nAIcTtFJk5WuWsLg" 
       name="csrfmiddlewaretoken">

/ /, . "csrfmiddlewaretoken", - csrf. django cookie, / .

, csrf , , :

def myview(request):
    from django.middleware.csrf import get_token
    get_token(request)  #This causes django to set the csrftoken cookie in the response

    return HttpResponse('server received GET request')

jpwagner · Answer 3 · 2013-11-27T20:37:52+0000

It depends on what you are trying to do.

If you don't need CSRF checking, you can use the csrf_exempt decorator.

Or you can create a new csrf_exempt view just for accessing python requests.

Python requests and django - CSRF validation failed. Request aborted

More articles: