Hello guys, I was working on a clone project and got stuck on a problem. The {% csrf_token %} that I have applied is not verified, and the error from the login module is the following:
====================================================================================================================================
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
- Your browser is accepting cookies.
- The view function passes a request to the template's render method.
- In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
- If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
- The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
================================================================================================================================
I have applied all the requirements, but it still occurs. Here is my code:
<login.html>
{% extends 'blog/base.html' %}
{% block content %}
<div class="jumbotron">
  <h2>Please login!</h2>
  <h3>(must be super user, please check with site admin)</h3>
</div>
{# The context variable is "form", so "forms.errors" would never be true #}
{% if form.errors %}
  <p>Your user name and password did not match please try again!</p>
{% endif %}
<form action="{% url 'login' %}" method="POST">
  {% csrf_token %}
  {{ form.as_p }}
  <input type="submit" class="btn btn-primary" value="login">
  <input type="hidden" name="next" value="{{ next }}">
</form>
{% endblock %}
===================================================================================
<urls.py- project(mysite)>
from django.contrib import admin
from django.http import HttpResponse
from django.shortcuts import get_object_or_404, render
from django.urls import path
from django.conf.urls import include
from django.contrib.auth import views
urlpatterns = [
    path('admin/', admin.site.urls),
    path('', include('blog.urls')),
    path('accounts/login/', views.LoginView.as_view(), name='login'),
    # next_page is an attribute of LogoutView, so it is passed to as_view();
    # URL kwargs are ignored by the class-based view.
    path('accounts/logout/', views.LogoutView.as_view(next_page='/'), name='logout'),
]
===================================================================================
<views.py>
from django.shortcuts import render,get_object_or_404,redirect
from django.utils import timezone
from blog.models import Post,Comment
from blog.forms import PostForm,CommentForm
from django.urls import reverse_lazy
from django.contrib.auth.decorators import login_required
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import (TemplateView, ListView,
                                  DetailView, CreateView,
                                  UpdateView, DeleteView)

# Create your views here.
class AboutView(TemplateView):
    template_name = 'about.html'

class PostListView(ListView):
    model = Post

    def get_queryset(self):
        return Post.objects.filter(published_date__lte=timezone.now()).order_by('-published_date')

class PostDetailView(DetailView):
    model = Post

class CreatePostView(LoginRequiredMixin, CreateView):
    login_url = '/login'
    redirect_field_name = 'blog/post_detail.html'
    form_class = PostForm
    model = Post

class PostUpdateView(LoginRequiredMixin, UpdateView):
    login_url = '/login'
    redirect_field_name = 'blog/post_detail.html'
    form_class = PostForm
    model = Post

class PostDeleteView(LoginRequiredMixin, DeleteView):
    model = Post
    success_url = reverse_lazy('post_list')

class DraftListView(LoginRequiredMixin, ListView):
    login_url = '/login/'
    redirect_field_name = 'blog/post_list.html'
    model = Post

    def get_queryset(self):
        # Field lookups use a double underscore: published_date__isnull
        return Post.objects.filter(published_date__isnull=True).order_by('created_date')

@login_required
def add_comment_to_post(request, pk):
    # Look up the Post model, not the (still undefined) local variable
    post = get_object_or_404(Post, pk=pk)
    if request.method == 'POST':
        form = CommentForm(request.POST)
        if form.is_valid():
            # Lowercase name, so the Comment model is not shadowed
            comment = form.save(commit=False)
            comment.post = post  # assumes Comment has a 'post' foreign key
            comment.save()
            return redirect('post_detail', pk=post.pk)
    else:
        form = CommentForm()
    return render(request, 'blog/comment_form.html', {'form': form})

@login_required
def comment_approve(request, pk):
    comment = get_object_or_404(Comment, pk=pk)
    comment.approve()
    # A view must return a response; assumes Comment has a 'post' foreign key
    return redirect('post_detail', pk=comment.post.pk)

@login_required
def comment_remove(request, pk):
    comment = get_object_or_404(Comment, pk=pk)
    # Remember the parent post before deleting (assumes a 'post' foreign key)
    post_pk = comment.post.pk
    comment.delete()
    return redirect('post_detail', pk=post_pk)

@login_required
def post_publish(request, pk):
    post = get_object_or_404(Post, pk=pk)
    post.publish()
    return redirect('post_detail', pk=pk)
===========================================================================
Guys, please help me out to run my code.
Thank you.
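An added example, not part of the original post and not Django's own code: a standard-library check of a captured login-page response against the checklist on the 403 page (cookie set, token rendered in each POST form, form token matching the cookie). The names `unmask`, `PostForms` and `diagnose` are hypothetical, the unmasking arithmetic is a re-implementation for illustration of how the masked form token relates to the cookie secret, and the sample cookie and page are constructed.

```python
import string
from html.parser import HTMLParser
from http.cookies import SimpleCookie

CHARS, SECRET_LEN = string.ascii_letters + string.digits, 32  # token alphabet, secret length

def unmask(token):
    """Recover the secret from a 64-character masked token, or None."""
    if len(token) != 2 * SECRET_LEN or not set(token) <= set(CHARS):
        return None
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(p)) % len(CHARS)]
                   for p, c in zip(token[:SECRET_LEN], token[SECRET_LEN:]))

class PostForms(HTMLParser):
    """Record the csrfmiddlewaretoken value (or None) of each POST form."""
    def __init__(self):
        super().__init__()
        self.tokens, self.in_post = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_post = (a.get("method") or "").lower() == "post"
            if self.in_post:
                self.tokens.append(None)
        elif tag == "input" and self.in_post and a.get("name") == "csrfmiddlewaretoken":
            self.tokens[-1] = a.get("value")
    def handle_endtag(self, tag):
        if tag == "form":
            self.in_post = False

def diagnose(set_cookie, html):
    """Return the checklist items that a captured login page fails."""
    problems, forms = [], PostForms()
    value = getattr(SimpleCookie(set_cookie).get("csrftoken"), "value", "")
    secret = value if len(value) == SECRET_LEN else unmask(value)  # bare or masked cookie
    if secret is None:
        problems.append("csrftoken cookie missing or malformed")
    forms.feed(html)
    for i, tok in enumerate(forms.tokens):
        if not tok:
            problems.append(f"form {i}: token not rendered")
        elif secret is not None and unmask(tok) != secret:
            problems.append(f"form {i}: token does not match cookie")
    return problems

# Constructed sample response, not taken from the post (secret a..F, mask "b" * 32).
SAMPLE_COOKIE = "csrftoken=abcdefghijklmnopqrstuvwxyzABCDEF; Path=/; SameSite=Lax"
SAMPLE_PAGE = ('<form method="POST"><input type="hidden" name="csrfmiddlewaretoken" '
               'value="' + "b" * 32 + 'bcdefghijklmnopqrstuvwxyzABCDEFG"></form>')
```

Feed it the `Set-Cookie` header and HTML body of the GET response for the login page; an empty list means the page itself satisfies the checklist, so the problem lies in what the browser sends back.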