[django] error CSRF token missing or incorrect on POST reciever
527 views
Skip to first unread message
crazedpsyc
Jan 17, 2011, 12:10:42 PM1/17/11
to Django users
I tried to make a quick search box for my site-in-progress and
expected it to be as simple as keeping the database updated.
Unfortunately I ran into the following error as soon as I POSTed a
query:
[QUOTE]
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect. In general, this can occur when there
is a genuine Cross Site Request Forgery, or when Django's CSRF
mechanism has not been used correctly. For POST forms, you need to
ensure:
The view function uses RequestContext for the template, instead of
Context.
In the template, there is a {% csrf_token %} template tag inside
each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use
csrf_protect on any views that use the csrf_token template tag, as
well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG =
True in your Django settings file. Change that to False, and only the
initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
[/QUOTE]
I tried adding "{% csrf_token %}" to my template, but still got the
same error. I don't really know what the rest of the suggestions mean,
so any translation help would be appreciated
expected it to be as simple as keeping the database updated.
Unfortunately I ran into the following error as soon as I POSTed a
query:
[QUOTE]
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect. In general, this can occur when there
is a genuine Cross Site Request Forgery, or when Django's CSRF
mechanism has not been used correctly. For POST forms, you need to
ensure:
The view function uses RequestContext for the template, instead of
Context.
In the template, there is a {% csrf_token %} template tag inside
each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use
csrf_protect on any views that use the csrf_token template tag, as
well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG =
True in your Django settings file. Change that to False, and only the
initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
[/QUOTE]
I tried adding "{% csrf_token %}" to my template, but still got the
same error. I don't really know what the rest of the suggestions mean,
so any translation help would be appreciated
Jirka Vejrazka
Jan 17, 2011, 12:26:10 PM1/17/11
to django...@googlegroups.com
Hmm,
have you checked documentation [1] at all? The token is not the only
thing, you need to enable a middleware too (a few things are needed
basically).
Cheers
Jirka
crazedpsyc
Jan 17, 2011, 1:23:30 PM1/17/11
to Django users
I'll look at that article, thanks!
crazedpsyc
Jan 17, 2011, 1:32:57 PM1/17/11
to Django users
Ok I did as much of that as I could. I could not return
render_to_response('template.html', c) because I have a dict of other
values I must send, such as the form and the results.
Now I get:
"Reason given for failure:
No CSRF or session cookie.
"
probably because of that one thing
render_to_response('template.html', c) because I have a dict of other
values I must send, such as the form and the results.
Now I get:
"Reason given for failure:
No CSRF or session cookie.
"
probably because of that one thing
crazedpsyc
Jan 17, 2011, 1:36:56 PM1/17/11
to Django users
I fixed it with the not recommended method, but/so any help fixing it
the other way would be appreciated
the other way would be appreciated
Reply all
Reply to author
Forward
0 new messages