how to call django web page with ordinary html page

78 views
Skip to first unread message

Pawan Soni

unread,
Aug 29, 2014, 7:06:26 AM8/29/14
to django...@googlegroups.com
Hi ,

i have a simple html page,p.html which is not made in django application ,its just a ordinary html page  which look like..

<html>
<body>
<form action="http://127.0.0.1:8000/test/" method="post">
<input type="text" value="test" name="payemnt_ref">
<input type="submit">
</body>
<html>

In form's action i am passing the path of my django url..

this is my urls.py file..

         from django.conf.urls import patterns, include, url
        from django.contrib import admin
        from login import views
              urlpatterns = patterns('',
           url(r'^test',views.paymentcheck_view,name="test"),
   )

my views.py..
    
     def paymentcheck_view(request):
   if request.method == "POST":
        c = {}
        c.update(csrf(request))
        return render_to_response('login1/create_pay_page.html',c)
   else:
        return HttpResponse('GET')

Error i got ...

Forbidden (403)

CSRF verification failed. Request aborted.

........
    
i am stuck over here,pls help me 

Thnx in advance



Shubham Pansari

unread,
Aug 29, 2014, 8:17:19 AM8/29/14
to django...@googlegroups.com
You are missing csrf_token which is set by request for csrf verification. After the line
<form action="http://127.0.0.1:8000/test/" method="post">
in your code put {%csrf_token%} and it should work fine and also read why it didnot worked without it from https://docs.djangoproject.com/en/dev/ref/contrib/csrf/  . This should answer all your queries.


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2b21261b-c48f-43d2-8db0-810b0c7a9c02%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Matt Gushee

unread,
Aug 29, 2014, 11:24:46 AM8/29/14
to django...@googlegroups.com
On Fri, Aug 29, 2014 at 6:16 AM, Shubham Pansari
<pansarish...@gmail.com> wrote:
> You are missing csrf_token which is set by request for csrf verification.
> After the line
> <form action="http://127.0.0.1:8000/test/" method="post">
> in your code put {%csrf_token%} and it should work fine

I'm a Django newbie, so I could well be mistaken, but I don't think
that will work. The OP said it was plain HTML; that means Django
doesn't process it, so Django template tags won't work. But it looks
like Flatpages might help:
http://www.djangobook.com/en/2.0/chapter16.html.

--
Matt Gushee

Babatunde Akinyanmi

unread,
Aug 29, 2014, 1:55:41 PM8/29/14
to Django users

Why are you adding a csrf token in your context?

Pawan Soni

unread,
Aug 30, 2014, 1:54:03 AM8/30/14
to django...@googlegroups.com


____________________________________________________________________
             Thanks Shubham for guiding me and your precious response,but my concern is that if i used simple/plain html page and if i would use {%csrf_token %} in that page ,i think this is not working .
              Is any other alternative ways to do this task.
    Thanks :)

James Schneider

unread,
Aug 30, 2014, 2:16:14 AM8/30/14
to django...@googlegroups.com
I reread the OP, and it sounds like he is using a static HTML page served elsewhere and POSTing directly to the Django app. If you disable CSRF validation on the form view in Django, it should work. However, I would recommend against it.

Unless you have a specific reason, why not just write up a quick TemplateView (with CSRF disabled on the FormView) or better yet a straight FormView class and just render the exact HTML you posted with the CSRF tag, taking advantage of the benefits that the Django framework offers?

-James

Babatunde Akinyanmi

unread,
Aug 30, 2014, 2:33:37 AM8/30/14
to Django users


On 30 Aug 2014 07:15, "James Schneider" <jrschn...@gmail.com> wrote:
>
> I reread the OP, and it sounds like he is using a static HTML page served elsewhere and POSTing directly to the Django app. If you disable CSRF validation on the form view in Django, it should work. However, I would recommend against it.
>
> Unless you have a specific reason, why not just write up a quick TemplateView (with CSRF disabled on the FormView) or better yet a straight FormView class and just render the exact HTML you posted with the CSRF tag, taking advantage of the benefits that the Django framework offers?
>
> -James
>

This is exactly where i was going.

Did you actually try it?

>>               Is any other alternative ways to do this task.
>>     Thanks :)
>>
>>
>>   
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
>>>> To post to this group, send email to django...@googlegroups.com.
>>>> Visit this group at http://groups.google.com/group/django-users.
>>>> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2b21261b-c48f-43d2-8db0-810b0c7a9c02%40googlegroups.com.
>>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>> --
>> You received this message because you are subscribed to the Google Groups "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
>> To post to this group, send email to django...@googlegroups.com.
>> Visit this group at http://groups.google.com/group/django-users.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ed8d597a-5897-4be2-9402-f77d464700ff%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
> To post to this group, send email to django...@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.

> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciX1SGsybHJvp%3DYhXR7gxYAKYdfGMw32ja3KsjzfVPF%3D9A%40mail.gmail.com.

Collin Anderson

unread,
Aug 30, 2014, 11:18:11 AM8/30/14
to django...@googlegroups.com
If it helps, you can read/set the csrf cookie using javascript. here's some rough code:

  if(!document.cookie.match('csrftoken=([a-zA-Z0-9]{32})')){
    for(var c = ''; c.length < 32;) c += Math.random().toString(36).substr(2, 1)
    document.cookie = 'csrftoken=' + c + '; path=/'
  }
  document.write('<input type="hidden" name="csrfmiddlewaretoken" value="' + document.cookie.match('csrftoken=([a-zA-Z0-9]{32})')[1] + '">')

Reply all
Reply to author
Forward
0 new messages