{% csrf_token %} template tag not outputting the hidden field
1,526 views
Skip to first unread message
Erik
Aug 30, 2010, 2:46:56 PM8/30/10
to Django users
Hi Django Users-
I'm having trouble with the {% csrf_token %} tag.
On my site I have a regular login view / page / url, which uses
the django contrib registration app. I include the CSRF token in my
login template and it works fine.
I'd also like a little login box in the corner of every page,
which will either show a login form or a "you're logged in!" message
depending on whether the user is logged in. So, I wrote a little form
into my base.html template that other templates inherit from; and I
stuck the {% csrf_token %} tag in there as well.
The part I don't understand is, if I load the login url in the
browser ( mysite.com/login/ ) both forms work, I can login with them,
and when I view the source the CSRF token tag has put a hidden field
into my form.
However, when I'm on any other page - for example the front page
- the token tag just leaves a blank space and doesn't output anything,
but it doesn't give me an error message on loading the page - as it
would when I try to use a token tag that doesn't exist - such as {%
faketokentag %}. Of course, because the csrf token tag doesn't
create any output (in the HTML source generated) when the form is
submitted the CSRF error occurs.
I'm rendering all such pages with the generic view
direct_to_template , which, because it's a generic view, the
documentation suggests should just work with CSRF.
Does anyone have any suggestions?
Thank you,
Erik
I'm having trouble with the {% csrf_token %} tag.
On my site I have a regular login view / page / url, which uses
the django contrib registration app. I include the CSRF token in my
login template and it works fine.
I'd also like a little login box in the corner of every page,
which will either show a login form or a "you're logged in!" message
depending on whether the user is logged in. So, I wrote a little form
into my base.html template that other templates inherit from; and I
stuck the {% csrf_token %} tag in there as well.
The part I don't understand is, if I load the login url in the
browser ( mysite.com/login/ ) both forms work, I can login with them,
and when I view the source the CSRF token tag has put a hidden field
into my form.
However, when I'm on any other page - for example the front page
- the token tag just leaves a blank space and doesn't output anything,
but it doesn't give me an error message on loading the page - as it
would when I try to use a token tag that doesn't exist - such as {%
faketokentag %}. Of course, because the csrf token tag doesn't
create any output (in the HTML source generated) when the form is
submitted the CSRF error occurs.
I'm rendering all such pages with the generic view
direct_to_template , which, because it's a generic view, the
documentation suggests should just work with CSRF.
Does anyone have any suggestions?
Thank you,
Erik
Daniel Lathrop
Aug 30, 2010, 4:16:57 PM8/30/10
to django...@googlegroups.com
I may misunderstand how csrf_token works, but I think it needs to be used in conjunction with the forms system, which would require you to pass a form to your template. Are you doing that?
Daniel Lathrop
News Applications Editor
The Dallas Morning News
---------------------------
Daniel Lathrop
206.718.0349 (cell)
Daniel Lathrop
News Applications Editor
The Dallas Morning News
---------------------------
Daniel Lathrop
206.718.0349 (cell)
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Erik
Sep 1, 2010, 12:08:19 AM9/1/10
to Django users
Hi Daniel-
Thanks for your response.
No, I wasn't generating the form within django; I had hand coded
a form into the page; because I had intended that this form appear on
every page in the side.
I'll try it as you suggest and report back. This may involve
learning how to write template tags.
thanks,
Erik
> > django-users...@googlegroups.com<django-users%2Bunsubscribe@google groups.com>
> > .
Thanks for your response.
No, I wasn't generating the form within django; I had hand coded
a form into the page; because I had intended that this form appear on
every page in the side.
I'll try it as you suggest and report back. This may involve
learning how to write template tags.
thanks,
Erik
> > .
Jonas Geiregat
Sep 1, 2010, 9:59:56 AM9/1/10
to django...@googlegroups.com
I had the same problem some day's ago.
Did you add the context_instance parameter in the render_to_reponse function call. It's needed for CSRF to work.
Did you add the context_instance parameter in the render_to_reponse function call. It's needed for CSRF to work.
For example: return render_to_response('blog/index.html', {'posts': posts}, context_instance=RequestContext(req))
Regards,
Jonas.
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
Met vriendelijke groeten,
Jonas Geiregat
jo...@geiregat.org
Reply all
Reply to author
Forward
0 new messages