Django:1.7.1 Python:2.7.8 使用的 https://github.com/django/django-contrib-comments，按照的使用指南做的： setting.py里写的： INSTALLED_APPS = ( 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.sites', 'django_comments', 'cm', ) SITE_ID = 1 现在遇到了CSRF verification failed. Request aborted.问题，我点击提交后，提示： Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: Your browser is accepting cookies. The view function uses RequestContext for the template, instead of Context. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting. post.html里面的代码如下： {% extends "base.html" %} {% block title %}文章页 {% endblock %} {% block content %} <article id="post_content"> <h1>{{post.post_title}}</h1> <div class="meta">发布时间：{{post.post_date}}</div> <div class="content"> {{ post.post_content }} </div> </article> {% load comments %} <div> {% render_comment_list for post %} {% render_comment_form for post %} </div> {% endblock %} comments文件夹里面的模板都是从Django-1.7.1-py2.7.egg\django\contrib\comments\templates复制出来的。