How do I implement CSRF in Django with PayPal?
Following the tutorial, I tried to implement PayPal on my web page. What I have so far:

views.py
from django.conf import settings
from django.core.urlresolvers import reverse
from django.shortcuts import render_to_response
from django.template import RequestContext
from paypal.standard.forms import PayPalPaymentsForm
from paypal.standard.ipn.signals import valid_ipn_received
from paypal.standard.models import ST_PP_COMPLETED


def view_that_asks_for_money(request):
    c = {}
    # What you want the button to do.
    paypal_dict = {
        "business": settings.PAYPAL_RECEIVER_EMAIL,
        "amount": "0.01",
        "item_name": "name of the item",
        "invoice": "unique-invoice-id",
        "notify_url": "xxx/nnnn" + reverse('paypal-ipn'),
        "return_url": "xxx/aaa",
        "cancel_return": "xxx/bbb",
        "custom": "Upgrade all users!",  # Custom command to correlate to some function later (optional)
    }
    # Create the instance.
    form = PayPalPaymentsForm(initial=paypal_dict)
    c.update({"form": form})
    return render_to_response("app/payment.html",
                              c,
                              context_instance=RequestContext(request))


def show_me_the_money(sender, **kwargs):
    ipn_obj = sender
    print("hierkamwsan")
    if ipn_obj.payment_status == ST_PP_COMPLETED:
        # Undertake some action depending upon `ipn_obj`.
        if ipn_obj.custom == "Upgrade all users!":
            print("upgradedUser")
            # Users.objects.update(paid=True)
    else:
        print("UwerNotValid")


valid_ipn_received.connect(show_me_the_money)
url.py (inside the app):
url.py (general, in django cms):
payment.html
{% extends 'base.html' %}
<!DOCTYPE html>
{% block content %}
<html>
<head>
    <meta charset="utf-8">
    <title>Paypal-Payment</title>
</head>
<body><h1>Show me the money!</h1>
<!-- writes out the form tag automatically -->
{{ form.render }}
{% csrf_token %}
</body>
</html>
{% endblock %}
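Can anyone tell me:
- how to implement the csrf token correctly
- whether I am handling PayPal's response correctly with notify_url. I think the call "valid_ipn_received.connect(show_me_the_money)" in the view is wrong. But where should it go?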
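I look forward to your help!
Marina

I'm still struggling. I found the following in django-paypal's templates. This is the render command for the default button that I get: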
def render(self):
    return mark_safe(u"""<form action="%s" method="post">
%s
<input type="image" src="%s" border="0" name="submit" alt="Buy it Now" />
</form>""" % (self.get_endpoint(), self.as_p(), self.get_image()))
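Now I wonder whether it is possible to integrate the csrf_token somewhere in this render definition.

Is it? Where would I have to add it? Is this really the solution? Or is there something smarter and more elegant?

It looks like the CSRF token is not being rendered inside the form. If you load the page and view the source, is the token inside or outside the form tag?

I edited my post and added the source code as it is sent to the browser. How do I get the csrf token into the form?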
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
<body>h1>Show me the money!</h1>
<!-- writes out the form tag automatically -->
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input id="id_business" name="business" type="hidden" value="mymail@mymail.com" /><input id="id_amount" name="amount" type="hidden" value="0.01" /><input id="id_item_name" name="item_name" type="hidden" value="name of the item" /><input id="id_notify_url" name="notify_url" type="hidden" value="http://xxxxx.ngrok.com/en/mypage/" /><input id="id_cancel_return" name="cancel_return" type="hidden" value="http://xxxxx.ngrok.com/en/accounts/login/" /><input id="id_return_url" name="return" type="hidden" value="http://xxxxx.ngrok.com/de/accounts/login/" /><input id="id_custom" name="custom" type="hidden" value="Upgrade all users!" /><input id="id_invoice" name="invoice" type="hidden" value="unique-invoice-id29" /><input id="id_cmd" name="cmd" type="hidden" value="_xclick" /><input id="id_charset" name="charset" type="hidden" value="utf-8" /><input id="id_currency_code" name="currency_code" type="hidden" value="USD" /><input id="id_no_shipping" name="no_shipping" type="hidden" value="1" />
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynowCC_LG.gif" border="0" name="submit" alt="Buy it Now" />
</form>
<input type='hidden' name='csrfmiddlewaretoken' value='5VDa6VWHZFAD6thEsOIwKxhlWPOlOD62' />
</body>
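
An added example (not part of the original post and not django-paypal code): a check over rendered HTML that reports where `csrfmiddlewaretoken` ends up relative to each POST form. It follows the rule quoted in the error page above, that the token belongs inside POST forms targeting an internal URL, and additionally flags a token placed in a form that posts to another host, since that would send the token to a third party. The names `CsrfFormAudit`, `audit`, `SAMPLE` and the host `example.test` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class CsrfFormAudit(HTMLParser):
    """Record every <form> and whether a csrfmiddlewaretoken input sits inside it."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.forms, self.stray_tokens, self._open = [], 0, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            action = a.get("action") or ""
            host = urlparse(action).netloc  # empty for relative (internal) actions
            self._open = {"action": action, "post": (a.get("method") or "").lower() == "post",
                          "external": bool(host) and host != self.site_host, "token": False}
            self.forms.append(self._open)
        elif tag == "input" and a.get("name") == "csrfmiddlewaretoken":
            if self._open is None:
                self.stray_tokens += 1  # sent to the browser but never submitted
            else:
                self._open["token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit(html, site_host):
    """Return findings for POST forms in rendered HTML served from site_host."""
    parser = CsrfFormAudit(site_host)
    parser.feed(html)
    parser.close()
    findings = []
    for form in parser.forms:
        if form["post"] and form["external"] and form["token"]:
            findings.append("token leaks to external host: " + form["action"])
        elif form["post"] and not form["external"] and not form["token"]:
            findings.append("internal POST form without token: " + form["action"])
    if parser.stray_tokens:
        findings.append("token outside any form: %d" % parser.stray_tokens)
    return findings

# Constructed sample, shortened from the rendered source shown on this page.
SAMPLE = ("<form action='https://www.sandbox.paypal.com/cgi-bin/webscr' method='post'>"
          "<input name='business' type='hidden' value='mymail@mymail.com' /></form>"
          "<input type='hidden' name='csrfmiddlewaretoken' value='CONSTRUCTED' />")
if __name__ == "__main__":
    print(audit(SAMPLE, "example.test"))
```

On the constructed sample the only finding is the token rendered outside the form; the PayPal form itself raises none because it posts to an external host and carries no token.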