CSRF Issue


cmac0tt

Jun 14, 2012, 7:46:24 AM
to django...@googlegroups.com
I feel like an idiot here, I've worked my way around this multiple times but it's just not working this time and as you can see I've thrown every method there is in the documentation at it.

(Note that I am learning Python and Django right now on the fly.) However, here are my views, the form with the token, and my models (threw in the middleware settings from my settings.py and my urls just in case). Let me know if you need anything else. Remember, just learning here, and learning by converting a walkthrough presentation of building a wiki on pre 0.96 on 1.4 so I've had to learn a lot of changes etc. It's helping, mind you, this one step is getting frustrating now after two nights of it.


Let me know if you have any ideas, and remember, I'm not big on the snake talk just yet.

Thanks.


Daniel Roseman

Jun 14, 2012, 8:47:25 AM
to django...@googlegroups.com
You *do* seem to have thrown every method in.

Firstly, you don't need the @csrf_protect decorator, or all that stuff with c.update(csrf(request)) - the second especially as you're then not doing anything with `c`! The point of that is if you're not using a context processor, you should then pass `c` as the basis for the template context, because it already contains the csrf token. But you're just throwing it away.

So, remove those two things. Also, take out those cache_pages - you most *definitely* do not want to cache the edit or save pages. Now see if it's any better, and report back what happens.
--
DR.

cmac0tt

Jun 14, 2012, 8:59:30 AM
to django...@googlegroups.com
OK, so this is my view now. Maybe I'm not understanding, and if so I apologize. We all start somewhere, right? I just don't know why I'm having trouble with it now when I had it working last time around with simply using C {}

cmac0tt

Jun 14, 2012, 9:00:09 AM
to django...@googlegroups.com
ahem, so here is the view

from wikicamp.wiki.models import Page
from django.shortcuts import render_to_response
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.shortcuts import redirect
from django import forms
import htmllib
from django.template import RequestContext, loader
from django.core.context_processors import csrf
# Create your views here.

def view_page(request, page_name):
        c = {}
        try:
                page = Page.objects.get(pk=page_name)
        except Page.DoesNotExist:
                return render_to_response("create.html", {"page_name":page_name}, context_instance=RequestContext(request))
        content = page.content
#       content = request.GET['content']
        return render_to_response("view.html", {"page_name":page_name, "content":content})
#, context_instance=RequestContext)



def edit_page(request, page_name):
        c = {}
        try:
                page = Page.objects.get(pk=page_name)
                content = page.content
        except Page.DoesNotExist:
                name = ""
#               content = request.GET['content']
                content = ""
        return  render_to_response("edit.html", {"page_name":page_name, "content":content})

def save_page(request, page_name):
        c = {}
        # The form is submitted with POST, so read the content from request.POST
        content = request.POST.get('content', 'this is the default')
        try:
                page = Page.objects.get(pk=page_name)
                page.content = content
        except Page.DoesNotExist:
                page = Page(name=page_name, content=content)
        page.save()
        return HttpResponseRedirect("/granite/" + page_name + "/")






Daniel Roseman

Jun 14, 2012, 9:04:54 AM
to django...@googlegroups.com
Better, but now you've got rid of the `context_instance=RequestContext(request)` stuff, which you *do* need. And you're still creating an empty `c` dict which is never referenced again - it won't cause any problems, but it's pointless. 
--
DR.
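
Added example, not code from the thread or from Django: a standard-library model of the round trip discussed above, showing why a form rendered without the token in its template context is rejected with a 403 when it is posted. The function names and the dict-based request are assumptions made for illustration; only `csrf_token`, `csrfmiddlewaretoken` and the `csrftoken` cookie are Django's own names.

```python
# Simplified model of the cookie-vs-form CSRF check (illustrative, not Django source).
import hmac
import re
import secrets

FORM = '<form method="post">{csrf_field}<textarea name="content"></textarea></form>'

def csrf_context(request):
    """Stand-in for what the csrf context processor adds via RequestContext."""
    return {"csrf_token": request["cookies"]["csrftoken"]}

def render_form(context):
    """Stand-in for {% csrf_token %}: emits the hidden field only if a token is in context."""
    token = context.get("csrf_token")
    field = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">' % token if token else ""
    return FORM.format(csrf_field=field)

def submit(html, cookies, content):
    """Build the POST a browser would send for the rendered form."""
    match = re.search(r'name="csrfmiddlewaretoken" value="([^"]*)"', html)
    post = {"content": content}
    if match:
        post["csrfmiddlewaretoken"] = match.group(1)
    return {"method": "POST", "cookies": cookies, "POST": post}

def csrf_check(request):
    """Stand-in for the middleware: the posted token must match the cookie."""
    cookie = request["cookies"].get("csrftoken", "")
    posted = request["POST"].get("csrfmiddlewaretoken", "")
    ok = bool(cookie) and hmac.compare_digest(cookie, posted)
    return 200 if ok else 403

def edit_without_request_context(request, page_name):
    # Mirrors render_to_response("edit.html", {...}) with no context_instance
    return render_form({"page_name": page_name})

def edit_with_request_context(request, page_name):
    # Mirrors passing context_instance=RequestContext(request)
    context = {"page_name": page_name}
    context.update(csrf_context(request))
    return render_form(context)

def round_trip(edit_view):
    """GET the edit form, then POST it back; returns the status of the POST."""
    cookies = {"csrftoken": secrets.token_hex(16)}  # constructed sample token
    html = edit_view({"method": "GET", "cookies": cookies}, "Start")
    return csrf_check(submit(html, cookies, "hello"))
```
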

cmac0tt

Jun 14, 2012, 9:14:17 AM
to django...@googlegroups.com
fixed. thanks mate!

