django csrf


Li Hui

Jun 25, 2010, 5:48:40 AM
to Django users
When I add enctype="text/plain" to a post form like
<form action="/auth" method="post" enctype="text/plain">, there is a
"CSRF verification failed." error.
But when I remove it, all is right.
Who can tell me why?

Tom Evans

Jun 25, 2010, 8:49:47 AM
to django...@googlegroups.com

Because that is not how HTML user agents work. The post parameters are
not encoded in a format that the server can understand, and so there
is no CSRF token found, hence the error.

http://www.w3.org/TR/html401/interact/forms.html#h-17.3

Use either "application/x-www-form-urlencoded", which is the default
value if you omit enctype, or "multipart/form-data" if you have file
inputs in your form.

Cheers

Tom

thusjanthan

Jun 25, 2010, 1:31:00 PM
to Django users
The quick answer is you have to put the following in your template
right after the <form ... > declaration:

{% csrf_token %}

Cheers,
Nathan.

Tom Evans

Jun 28, 2010, 11:25:06 AM
to django...@googlegroups.com
On Fri, Jun 25, 2010 at 6:31 PM, thusjanthan <thusj...@gmail.com> wrote:
> The quick answer is you have to put the following in your template
> right after the <form ... > declaration:
>
>  {% csrf_token %}
>
> Cheers,
> Nathan.
>

And how precisely will that make his browser submit the form in a
manner that django can decipher? He gets a CSRF error not because the
token is not in the form, but because he has configured his form to
instruct the browser to submit the data to the server in an
unsupported format.

Cheers

Tom
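
The behaviour discussed in this thread, as an added example that is not part of any post and is not Django's own code: it builds the body a browser sends for `enctype="text/plain"` and for the default encoding, then runs both through a simplified model of Content-Type based POST parsing. The function names, the sample fields and the token value are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed sample form fields; the token value is a made-up placeholder.
FIELDS = [("csrfmiddlewaretoken", "EXAMPLE-TOKEN-123"), ("username", "li hui")]


def encode_body(fields, enctype):
    """Build the request body a browser sends for the given form enctype."""
    if enctype == "application/x-www-form-urlencoded":
        return urlencode(fields).encode()
    if enctype == "text/plain":
        # HTML text/plain encoding: name=value pairs, one per line, no escaping.
        return "".join(f"{k}={v}\r\n" for k, v in fields).encode()
    raise ValueError(f"enctype not covered by this example: {enctype}")


def parse_post(content_type, body):
    """Simplified model (an assumption, not Django source) of POST parsing.

    Only form media types are decoded into fields; any other Content-Type
    leaves the field dictionary empty. multipart/form-data is omitted here.
    """
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/x-www-form-urlencoded":
        return {k: v[0] for k, v in parse_qs(body.decode()).items()}
    return {}


def csrf_check(content_type, body, expected_token):
    """Return (ok, reason) for a check that reads the token from POST fields."""
    token = parse_post(content_type, body).get("csrfmiddlewaretoken")
    if token is None:
        return False, "CSRF token missing"
    if not hmac.compare_digest(token, expected_token):
        return False, "CSRF token incorrect"
    return True, "ok"


if __name__ == "__main__":
    for enctype in ("application/x-www-form-urlencoded", "text/plain"):
        body = encode_body(FIELDS, enctype)
        print(enctype, body, csrf_check(enctype, body, "EXAMPLE-TOKEN-123"))
```

The token is present in the text/plain body, but because the Content-Type is not a form media type the fields are never decoded, so the check reports it as missing.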
