1、未经授权的访问如何控制?
<form class="form-signin" action="{% url 'account:login' %}" method="post">
{% csrf_token %}
{% comment %}<label for="inputEmail" class="sr-only">Email address</label>
<input type="email" id="inputEmail" class="form-control" placeholder="Email" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="inputPassword" class="form-control" placeholder="Password" required>{% endcomment %}
{{ form.non_field_errors }}
{% for field in form %}
{{ field }}
{{ field.errors }}
{% endfor %}
<input type="hidden" name="next" value="{{ redirect_to }}">
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
<div class="checkbox">
{% comment %}<a class="pull-right">Need help?</a>{% endcomment %}
<label>
<input type="checkbox" value="remember-me" name="remember"> Stay signed in
</label>
</div>
{% load oauth_tags %}
{% load_oauth_applications request%}
</form>
在模板定义了一个表单form,实参action指定发送到视图的login. 我们则使用{% csrf_token%} 来防止攻击者利用表单来获得对服务器未经授权的访问。攻击称为跨站请求伪造。
标签:comment,load,errors,帐户,form,用户,endcomment,field From: https://www.cnblogs.com/baihuitestsoftware/p/17679596.html