Django 如何使用CSRF中间件在基于类的视图中修改文件上载处理程序?
在我的Django项目中,我必须“动态”修改文件上传处理程序的元组,以便能够在上传文件流时修改文件流。我需要这个“动态的”,因为我必须从视图中向处理程序提供一些数据(请参阅下面代码中的Django 如何使用CSRF中间件在基于类的视图中修改文件上载处理程序?,django,django-views,django-csrf,Django,Django Views,Django Csrf,在我的Django项目中,我必须“动态”修改文件上传处理程序的元组,以便能够在上传文件流时修改文件流。我需要这个“动态的”,因为我必须从视图中向处理程序提供一些数据(请参阅下面代码中的setup()method) 本文档还提到了在使用CSRF保护时如何注意这一点。这是特别的,因为CSRF保护中间件访问请求中的POST数据,导致文件上载过程将在调用my View之前启动。然而,这只是为旧式视图记录的,但我希望使用基于类的视图来实现同样的功能 下面是我的观点的一个简单代码示例: from djang
setup()from django.views.decorators.csrf import csrf_exempt, csrf_protect
class MyView(TemplateResponseMixin, ContextMixin, View):
template_name = 'mytemplate.html'
def __init__(self, *args, **kwargs):
self.fileuploadhandler = MyUploadHandler()
super(MyView, self).__init__(*args, **kwargs)
def get(self, request, *args, **kwargs):
return self.render_to_response(
self.get_context_data(form=MyForm()))
#@csrf_protect # this gives the error below
def post(self, request, *args, **kwargs):
# Set up the FileUploadHandler
# SNIP - some data is being gathered here
self.fileuploadhandler.setup(mydata)
# Process the POST data by loading the ModelForm
form = MyForm(request.POST, request.FILES)
if form.is_valid():
# SNIP processing Form
else:
return self.render_to_response(self.get_context_data(form=form))
def get_context_data(self, **kwargs):
context = super(MyView, self).get_context_data(**kwargs)
return context
@csrf_exempt # I have to do this
def dispatch(self, *args, **kwargs):
self.request.upload_handlers.insert(0, self.fileuploadhandler)
return super(MyView, self).dispatch(*args, **kwargs)
post@csrf\u protectTraceback (most recent call last):
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 115, in get_response
response = callback(request, *callback_args, **callback_kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/views/generic/base.py", line 68, in view
return self.dispatch(request, *args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 25, in _wrapper
return bound_func(*args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py", line 25, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 21, in bound_func
return func(self, *args2, **kwargs2)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 25, in _wrapper
return bound_func(*args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py", line 25, in _wrapped_view
return view_func(request, *args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 21, in bound_func
return func(self, *args2, **kwargs2)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/views/decorators/csrf.py", line 77, in wrapped_view
return view_func(*args, **kwargs)
File "/some/path/to/project/myapp/views.py", line 01234, in dispatch
return super(MyView, self).dispatch(*args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/views/generic/base.py", line 86, in dispatch
return handler(request, *args, **kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/utils/decorators.py", line 87, in _wrapped_view
result = middleware.process_view(request, view_func, args, kwargs)
File "/some/path/to/Envs/someenv/local/lib/python2.7/site-packages/django/middleware/csrf.py", line 95, in process_view
request.COOKIES[settings.CSRF_COOKIE_NAME])
AttributeError: 'MyView' object has no attribute 'COOKIES'
- 基于类的视图的使用
- 能够“动态”修改文件上载处理程序
- 视图上有适当的CSRF保护
Django版本:1.5.1,Python 2.7.3。在一位同事的帮助下,我发现了一种使用CSRF中间件在视图中手动检查令牌的丑陋方法。以下是菜谱:
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.middleware.csrf import CsrfViewMiddleware
class MyView(TemplateResponseMixin, ContextMixin, View):
template_name = 'mytemplate.html'
def __init__(self, *args, **kwargs):
self.fileuploadhandler = MyUploadHandler()
super(MyView, self).__init__(*args, **kwargs)
def post(self, request, *args, **kwargs):
# Set up the FileUploadHandler
# SNIP - some data is being gathered here
self.fileuploadhandler.setup(mydata)
# Check CSRF manually *after* initializing the file upload handlers.
csrf_checker = CsrfViewMiddleware()
csrf_error = csrf_checker.process_view(request, None, None, None)
if csrf_error is not None:
return csrf_error # csrf_error is the regular CSRF error View
# Process the POST data by loading the ModelForm
form = MyForm(request.POST, request.FILES)
if form.is_valid():
# SNIP processing Form
else:
return self.render_to_response(self.get_context_data(form=form))
@csrf_exempt # Important to skip CSRF checking here.
def dispatch(self, *args, **kwargs):
self.request.upload_handlers.insert(0, self.fileuploadhandler)
return super(MyView, self).dispatch(*args, **kwargs)
check\u-tokenprocess\u-view