Forbidden (403)

Nebros

Nov 12, 2012, 2:00:48 PM
to django...@googlegroups.com
I know this is an old problem with many answers... but no one helps me. ^^
What I have:
 
Settings--------------------------------
MIDDLEWARE_CLASSES = (
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
    )
-------------------------------------------
 
urls--------------------------------------
from django.conf.urls import patterns
from klasse.views import portal, kundendaten
urlpatterns = patterns('',
    (r'^portal/$', portal),
    (r'^kundendaten/$', kundendaten),
)
-------------------------------------------
 
views-----------------------------------
from django.shortcuts import render_to_response
from django.core.context_processors import csrf
from django.views.decorators.csrf import csrf_protect
import datetime
import pyodbc
@csrf_protect
def portal(request):
    now = datetime.datetime.now()
    return render_to_response('portal.html', {'current_date': now})
--------------------------------------------
 
portal.html------------------------------
<form method="post" action="/kundendaten/">
    {% csrf_token %}
    <fieldset>
        <legend>Anfrage</legend>
        <p>Bitte Kundennamen eingeben</p>
        <label>
            <input type="text" name="kunde" size="30" required="required">
        </label>
        <br>
        <br>
        <input type="submit" name="senden" value="Senden" href="kundendaten">
    </fieldset>
</form>
--------------------------------------------
 
I tried a lot of variants to fix my "post" problem, but without success. Can anybody help me? ^^
thx
*pls ignore my English fails

Vibhu Rishi

Nov 12, 2012, 3:50:48 PM
to django...@googlegroups.com
When is it that you are getting the 403?


--
Simplicity is the ultimate sophistication. - Leonardo da Vinci
Life is really simple, but we insist on making it complicated. - Confucius

Nebros

Nov 12, 2012, 3:54:50 PM
to django...@googlegroups.com
When I put in a variable in my type="text" and push type="submit" (by the step to next page)...

Tom Christie

Nov 12, 2012, 4:34:08 PM
to django...@googlegroups.com
Could you include your 'kundendaten' view too, please.
Any error text on the 403 page would also be useful.

Nebros

Nov 13, 2012, 8:05:28 AM
to django...@googlegroups.com
kundendaten-----------------------------
{% include "header.html" %}
<title>Kundendaten</title>
{% include "header2.html" %}
<h1>Portal</h1>
<h2>Ausgabe Kundendaten</h2>
{% include "sql.html" %}
<table border="1">
    <tr><th>Name</th><th>E-Mail</th></tr>
    <tr><td>'.$result['t_name'].'</td><td>'.$result['t_mail'].'</td></tr>
</table>
{% include "footer.html" %}
-----------------------------------------------
 
(header, header2 and footer are only for the HTML tags !doctype... blabla)
 
Forbidden (403)---------------------------------

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF cookie not set.
    

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function uses RequestContext for the template, instead of Context.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

---------------------------------------------------------------------

Jirka Vejrazka

Nov 13, 2012, 8:35:27 AM
to Django users
I may be wrong, but I don't see you using {% csrf_token %} anywhere. You're posting random snippets from your code that only loosely relate - I have trouble finding full code for the view and all components of HTML templates causing you trouble.

So I'll just post a few tips:

  - before submitting the form in your browser, show the rendered HTML for the page "right click, then View Source" (or similar) - does it contain the csrf_token parameter? (Just search for "csrf_token").
  - you can easily verify that your CSRF token is posted with the form by putting "print request" on the first line of the view that receives the form submission - then you should see "csrf_token" among the posted parameters.
  - better version is to install a module to the browser you use for debugging to view what's actually being sent. For Firefox, you could use the excellent Firebug.




Nebros

Nov 13, 2012, 11:07:45 AM
to django...@googlegroups.com
Thanks for your answer.
By point one, it doesn't contain the csrf_token parameter, but I don't know why. ^^
 
To see the HTML better, I give the full now:
portal------------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
    <!--suppress HtmlUnknownTarget -->
    <link rel="stylesheet" href="P:Daten/Projects/Vorbild/templates/css/style.css" type="text/css">

<title>Kunde</title>
 
</head>
<body>
<img src="P:/Daten/Projects/Vorbild/templates/pics/logo.png" alt="Sefar logo" width=156 height=56/>
<h1>Kunde</h1>
{% block content %}<p>Zeit der Aktualisierung {{ current_date }}.</p>{% endblock %}
 
<div class="test">

<form method="post" action="/kundendaten/">
    {% csrf_token %}
    <fieldset>
        <legend>Anfrage</legend>
        <p>Bitte Kundennamen eingeben</p>
        <label>
            <input type="text" name="kunde" size="30" required="required">
        </label>
        <br>
        <br>
        <input type="submit" name="senden" value="Senden" href="kundendaten">
    </fieldset>
</form>
</div>
    <hr>
    <p>Danke fuer die Benutzung meiner Seite.</p>
</body>
</html>
----------------------------------------------------
 
source code by right clicking...------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
    <!--suppress HtmlUnknownTarget -->
    <link rel="stylesheet" href="P:Daten/Projects/Vorbild/templates/css/style.css" type="text/css">
<title>Kunde</title>
</head>
<body>
<img src="P:/Daten/Projects/Vorbild/templates/pics/logo.png" alt="Sefar logo" width=156 height=56/>
<h1>Kunde</h1>
<p>Zeit der Aktualisierung Nov. 13, 2012, 11:49 a.m..</p>
<div class="test">

<form method="post" action="/kundendaten/">
    <fieldset>
        <legend>Anfrage</legend>
        <p>Bitte Kundennamen eingeben</p>
        <label>
            <input type="text" name="kunde" size="30" required="required">
        </label>
        <br>
        <br>
        <input type="submit" name="senden" value="Senden" href="kundendaten">
    </fieldset>
</form>
</div>
    <hr>
    <p>Danke fuer die Benutzung meiner Seite.</p>
</body>
</html>

----------------------------------------------------------------
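The check from the first tip above (look at the rendered page) and the "CSRF cookie not set" reason on the 403 page can be automated together. This is an added example, not code from the thread or from Django: it looks for the hidden `csrfmiddlewaretoken` input that `{% csrf_token %}` renders and for the `csrftoken` cookie (Django's default names); the function and class names and both sample inputs are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

TOKEN_FIELD = "csrfmiddlewaretoken"  # hidden input rendered by {% csrf_token %}
COOKIE_NAME = "csrftoken"            # Django's default CSRF_COOKIE_NAME


class PostFormAudit(HTMLParser):
    """Collect every POST form and whether it carries a non-empty token field."""
    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per POST form, in document order
        self._current = None  # the POST form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and (a.get("method") or "get").lower() == "post":
            self._current = {"action": a.get("action") or "", "has_token": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if a.get("name") == TOKEN_FIELD and a.get("value"):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_response(set_cookie_headers, html):
    """Return (csrf_cookie_was_set, [actions of POST forms missing the token])."""
    cookie_set = any(COOKIE_NAME in SimpleCookie(h) for h in set_cookie_headers)
    parser = PostFormAudit()
    parser.feed(html)
    parser.close()
    missing = [f["action"] for f in parser.forms if not f["has_token"]]
    return cookie_set, missing


# Constructed sample: the form as it appears in the rendered source posted above.
RENDERED_BROKEN = """<form method="post" action="/kundendaten/">
<fieldset><input type="text" name="kunde" size="30" required="required">
<input type="submit" name="senden" value="Senden" href="kundendaten"></fieldset></form>"""

# Constructed sample: the same form with a placeholder token field added.
RENDERED_FIXED = RENDERED_BROKEN.replace(
    "<fieldset>",
    "<fieldset><input type='hidden' name='csrfmiddlewaretoken' value='PLACEHOLDER'>")
```

A result of `(False, ['/kundendaten/'])` for the GET response means the token never reached the template context, so the following POST will be rejected.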

Daniel Roseman

Nov 13, 2012, 11:24:38 AM
to django...@googlegroups.com
On Tuesday, 13 November 2012 08:05:28 UTC, Nebros wrote:
<snip>
Forbidden (403)---------------------------------

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF cookie not set.
    

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function uses RequestContext for the template, instead of Context.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.


I don't really know how this error message could be clearer. Point 2 clearly explains what is wrong in your case, complete with a link to the documentation explaining how to fix it. 
--
DR.

Tom Evans

Nov 13, 2012, 11:26:54 AM
to django...@googlegroups.com
There are three steps to enabling CSRF protection:

1) Add CsrfViewMiddleware
2) Add csrf_token to the form
3) Ensure that the csrf token is in the template context, by using a
RequestContext or calling the CSRF context processor directly.

As documented here:

https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/

You've done 1 and 2. You haven't done 3.

Cheers

Tom

Nebros

Nov 13, 2012, 1:52:04 PM
to django...@googlegroups.com, teva...@googlemail.com
OK, I have it done. But I have now the next problem... What I have changed:
views------------------------------------
@csrf_protect
def portal(request):
    c = {}
    c.update (csrf(request))
    now = datetime.datetime.now()
    return render_to_response('portal.html', {'current_date': now}, context_instance=RequestContext(request))
--------------------------------------------
Why I did it like this: by loading the page I got an error...

TypeError at /kundendaten/

pop expected at least 1 arguments, got 0
 
I tried the post from this page:
http://stackoverflow.com/questions/7678231/problems-with-csrf-token
 
Now I have the error when I press my send button, why is that?
Here the error...--------------------------

TypeError at /kundendaten/

pop expected at least 1 arguments, got 0
Request Method: POST
Request URL: http://127.0.0.1:8000/kundendaten/
Django Version: 1.4.1
Exception Type: TypeError
Exception Value: pop expected at least 1 arguments, got 0
Exception Location: C:\Python27\lib\site-packages\django\template\loader.py in render_to_string, line 178
Python Executable: C:\Python27\python.exe
Python Version: 2.7.3
-----------------------------------------------------------------------------
 
and thx for your answers...

Nebros

Nov 13, 2012, 2:08:50 PM
to django...@googlegroups.com, teva...@googlemail.com
Edit: first error was TypeError at /portal/... I realized now, the error is for the next page...