django CSRF protect （防止出现Forbidden 403）

利用django的中间件CsrfViewMiddleware，settings里配置

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

在模版里配置

<form action="#" method="post">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="submit">
</form>

views处理

@csrf_protect
def login(request):
    msg = ''
    if request.method == 'POST':
        form = loginform.LoginForm(request.POST)
        if request.session.test_cookie_worked():
            request.session.delete_test_cookie()
            if request.POST.get('uname', '') == 'shuifa':
                if form.is_valid():
                    return HttpResponse('your are login')
                else:
                    msg = u'不合格'
            else:
                return HttpResponse('uname wrong')
        else:
            HttpResponse('please enable the cookie settings')
    else:
        form = loginform.LoginForm()


    request.session.set_test_cookie()


    # return render_to_response('fage/login.html', {'form':form, 'msg':msg}) #not work
    return render(request, 'fage/login.html', {'form':form, 'msg':msg})

注意不能用return render_to_response('fage/login.html', {'form':form, 'msg':msg})，否则出现如下错误

Forbidden (403) CSRF verification failed. Request aborted.

提示错误原因有一条是：The view function uses RequestContext for the template, instead of Context.