How do I implement CSRF in Django with PayPal?


Following the tutorial, I am trying to implement PayPal on my web page.

What I have so far:

views.py

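from django.conf import settings
from django.core.urlresolvers import reverse
from django.shortcuts import render_to_response
from django.template import RequestContext
from paypal.standard.forms import PayPalPaymentsForm
from paypal.standard.ipn.signals import valid_ipn_received
from paypal.standard.models import ST_PP_COMPLETED


def view_that_asks_for_money(request):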
    c = {}
    # What you want the button to do.
    paypal_dict = {
        "business": settings.PAYPAL_RECEIVER_EMAIL,
        "amount": "0.01",
        "item_name": "name of the item",
        "invoice": "unique-invoice-id",
        "notify_url": "xxx/nnnn" + reverse('paypal-ipn'),
        "return_url": "xxx/aaa",
        "cancel_return": "xxx/bbb",
        "custom": "Upgrade all users!",  # Custom command to correlate to some function later (optional)
    }

    # Create the instance.
    form = PayPalPaymentsForm(initial=paypal_dict)
    c.update({"form":form})
    return render_to_response("app/payment.html",
                              c,
                              context_instance=RequestContext(request))


def show_me_the_money(sender, **kwargs):
    ipn_obj = sender
    print("hierkamwsan")
    if ipn_obj.payment_status == ST_PP_COMPLETED:
        # Undertake some action depending upon `ipn_obj`.
        if ipn_obj.custom == "Upgrade all users!":
            print("upgradedUser")
            #Users.objects.update(paid=True)
    else:
        print("UwerNotValid")

valid_ipn_received.connect(show_me_the_money)
url.py (inside the app):

url.py (general, in django cms):

payment.html

{% extends 'base.html' %}
<!DOCTYPE html>
{% block content %}
<html>
    <head>
        <meta charset="utf-8">
        <title>Paypal-Payment</title>   
    </head>
    <body><h1>Show me the money!</h1>
<!-- writes out the form tag automatically -->
{{ form.render }}
{% csrf_token %}
</body>
</html>
{% endblock %}
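Can anyone tell me:

  • how to implement the CSRF token correctly
  • how to correctly handle PayPal's response using notify_url. I think the call "valid_ipn_received.connect(show_me_the_money)" in the view is wrong. But where should it go?
Edit (I added the source of the payment.html form as it is sent to the browser):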

I look forward to your help!
Marina

I am still struggling. I found the following in the django-paypal template. This is the render command for the default button that I get:

    def render(self):
        return mark_safe(u"""<form action="%s" method="post">
    %s 
    <input type="image" src="%s" border="0" name="submit" alt="Buy it Now" />
</form>""" % (self.get_endpoint(), self.as_p(), self.get_image()))
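Now I am wondering whether it is possible to integrate the csrf_token somewhere in this render definition.
Is it? Where would I have to add it? Is this really the solution? Or is there something smarter and more elegant?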

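It looks like the CSRF token is not being rendered inside the form. If you load the page and view the source, is the token inside or outside the form tag?

I edited my post and added the source as it is sent to the browser. How do I get the CSRF token into the form?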
Forbidden (403)

CSRF verification failed. Request aborted.
Help

Reason given for failure:

CSRF token missing or incorrect.


In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    Your browser is accepting cookies.
    The view function uses RequestContext for the template, instead of Context.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.
<body>h1>Show me the money!</h1>
<!-- writes out the form tag automatically -->
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
    <input id="id_business" name="business" type="hidden" value="mymail@mymail.com" /><input id="id_amount" name="amount" type="hidden" value="0.01" /><input id="id_item_name" name="item_name" type="hidden" value="name of the item" /><input id="id_notify_url" name="notify_url" type="hidden" value="http://xxxxx.ngrok.com/en/mypage/" /><input id="id_cancel_return" name="cancel_return" type="hidden" value="http://xxxxx.ngrok.com/en/accounts/login/" /><input id="id_return_url" name="return" type="hidden" value="http://xxxxx.ngrok.com/de/accounts/login/" /><input id="id_custom" name="custom" type="hidden" value="Upgrade all users!" /><input id="id_invoice" name="invoice" type="hidden" value="unique-invoice-id29" /><input id="id_cmd" name="cmd" type="hidden" value="_xclick" /><input id="id_charset" name="charset" type="hidden" value="utf-8" /><input id="id_currency_code" name="currency_code" type="hidden" value="USD" /><input id="id_no_shipping" name="no_shipping" type="hidden" value="1" />
    <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="Buy it Now" />
</form>
<input type='hidden' name='csrfmiddlewaretoken' value='5VDa6VWHZFAD6thEsOIwKxhlWPOlOD62' />
</body>
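
The comment above asks whether the token ends up inside or outside the form tag. The following added example (not code from the original post or from django-paypal) checks that on rendered HTML, and also flags a token placed inside a form that posts to an external host, which Django's documentation advises against because it leaks the token. The class name, finding codes and sample markup are constructed for illustration; the host names are the ones shown on this page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TOKEN_FIELD = "csrfmiddlewaretoken"  # name of Django's hidden CSRF input

class CsrfPlacementAudit(HTMLParser):
    """Report where CSRF token inputs sit relative to the forms on a page."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.form = None      # state of the <form> currently open, if any
        self.findings = []    # (code, detail) tuples

    def _external_host(self, action):
        host = urlparse(action).hostname
        return host if host and host != self.site_host else None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form = {"action": a.get("action") or "", "token": False,
                         "post": (a.get("method") or "get").lower() == "post"}
        elif tag == "input" and a.get("name") == TOKEN_FIELD:
            if self.form is None:  # outside every form: never submitted
                self.findings.append(("token-outside-form", None))
                return
            self.form["token"] = True
            host = self._external_host(self.form["action"])
            if host:  # the secret would be posted to a third party
                self.findings.append(("token-sent-to-external-host", host))

    def handle_endtag(self, tag):
        if tag == "form" and self.form is not None:
            f, self.form = self.form, None
            if f["post"] and not f["token"] and not self._external_host(f["action"]):
                self.findings.append(("internal-post-without-token", f["action"]))

def audit(html, site_host):
    parser = CsrfPlacementAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample modelled on the rendered source posted above.
AS_POSTED = """<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input name="amount" type="hidden" value="0.01" />
</form>
<input type='hidden' name='csrfmiddlewaretoken' value='CONSTRUCTED-TOKEN' />"""
print(audit(AS_POSTED, "xxxxx.ngrok.com"))
```
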