User Accounts

Published: 2023-09-05 15:00:59  Author: 白灰

1. How is unauthorized access controlled?

 

            <form class="form-signin" action="{% url 'account:login' %}" method="post">
                {% csrf_token %}
                {% comment %}<label for="inputEmail" class="sr-only">Email address</label>
                <input type="email" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
                <label for="inputPassword" class="sr-only">Password</label>
                <input type="password" id="inputPassword" class="form-control" placeholder="Password" required>{% endcomment %}
                {{ form.non_field_errors }}
                {% for field in form %}
                    {{ field }}
                    {{ field.errors }}
                {% endfor %}

                <input type="hidden" name="next" value="{{ redirect_to }}">
                <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>

                <div class="checkbox">
                    {% comment %}<a class="pull-right">Need help?</a>{% endcomment %}
                    <label>
                        <input type="checkbox" value="remember-me" name="remember"> Stay signed in
                    </label>
                </div>
                {% load oauth_tags %}
                {% load_oauth_applications request %}
            </form>

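The template defines a form whose action argument specifies that it is submitted to the login view. We use {% csrf_token %} to prevent attackers from using the form to gain unauthorized access to the server. This attack is called cross-site request forgery.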
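The check that a hidden CSRF token makes possible, as an added example that is not code from the original post and not Django's own implementation: a simplified, standard-library model in which the server keeps a per-browser secret in a cookie and accepts a POST only when the form carries a matching token. The cookie name `csrf_secret`, the field name `csrf_token`, all function names and the sample credentials are assumptions made for illustration.

```python
import hmac
import secrets
from typing import Optional

def new_secret() -> str:
    """Per-browser secret the server sets in a cookie (hypothetical name csrf_secret)."""
    return secrets.token_hex(16)

def render_token(secret: str) -> str:
    """Value for the hidden form field: a fresh random mask plus the masked secret."""
    mask = secrets.token_bytes(16)
    masked = bytes(a ^ b for a, b in zip(mask, bytes.fromhex(secret)))
    return (mask + masked).hex()

def unmask(token: str) -> Optional[str]:
    """Recover the secret from a form token; None if the token is malformed."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) != 32:
        return None
    return bytes(a ^ b for a, b in zip(raw[:16], raw[16:])).hex()

def accept_post(cookies: dict, form: dict) -> bool:
    """Accept a POST only if the form token matches the secret in the cookie."""
    secret = cookies.get("csrf_secret")
    sent = unmask(form.get("csrf_token", ""))
    if not secret or sent is None:
        return False
    return hmac.compare_digest(secret, sent)  # constant-time comparison

def demo() -> dict:
    """Three constructed POSTs; the browser attaches the cookie to all of them."""
    cookies = {"csrf_secret": new_secret()}
    login = {"username": "alice", "password": "constructed-password"}
    genuine = dict(login, csrf_token=render_token(cookies["csrf_secret"]))
    forged = dict(login)  # another site cannot read the secret, so no token
    guessed = dict(login, csrf_token=render_token(new_secret()))
    return {
        "genuine": accept_post(cookies, genuine),
        "no_token": accept_post(cookies, forged),
        "wrong_token": accept_post(cookies, guessed),
    }

if __name__ == "__main__":
    print(demo())
```

The cookie reaches the server in all three requests, which is why the cookie alone cannot authenticate the form: only the page rendered by the server itself can supply the matching token.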