Forbidden (403) CSRF verification failed. Request aborted.

hank23

Jan 25, 2011, 5:06:30 PM
to Django users
I'm trying to write the code and implement a file upload screen based
on this document:

http://docs.djangoproject.com/en/1.2/topics/http/file-uploads

I'm getting the following error:

Forbidden (403)
CSRF verification failed. Request aborted.

Help
Reason given for failure:

CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site
Request Forgery, or when Django's CSRF mechanism has not been used
correctly. For POST forms, you need to ensure:

• The view function uses RequestContext for the template, instead of
Context.
• In the template, there is a {% csrf_token %} template tag inside each
POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use
csrf_protect on any views that use the csrf_token template tag, as
well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG =
True in your Django settings file. Change that to False, and only the
initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

I have tried coding the csrf token ({% csrf_token %}) on my new screen
as well as leaving it off, and its presence does not seem to matter, at
least by itself, because I get the same error whether it's present or
not. My screen so far is coded like this:

<body>
<h1>POLL APPLICATION FILE UPLOAD SCREEN</h1>
<br />
<form action="/polls/uploadfile/" method="POST" enctype="multipart/form-data">
{{ form.title }}
<br />
{{ form.filename.label }}
{{ form.filename }}
{{ form.filename.errors }}

<br /><br />
<input type="submit" value="Upload File" />
<br /><br />
</form>
<br /><br />
<a href="{{ mainmenuurl }}">{{ mainmenutext }}</a>
<br /><br />
</body>

and though I've defined and added the form.title field to the screen,
the document does not seem to mention what it's supposed to be for or
how it's used, though it shows it coded in the upload form. My view
code for this screen looks like this:

def process_uploaded_file(file):
    #destination = open('C:/users/hversemann/desktop/testfile.txt', 'wb+')
    destination = open('C:/users/hversemann/desktop/testfile.txt', 'w')
    for chunk in file.chunks():
        destination.write(chunk)
    destination.close()

def uploadfile(request):
    mainmenuurl = "/polls/mainmenu/"
    mainmenutext = "Main Menu"
    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        if form.is_valid():
            process_uploaded_file(request.FILES['file'])
            confirmmessage = "File has been uploaded!"
            dctnry = { 'confirmmessage': confirmmessage,
                       'mainmenuurl': mainmenuurl, 'mainmenutext': mainmenutext }
            return render_to_response('polls/confirm.html',
                                      dctnry,
                                      context_instance=RequestContext(request))
        else:
            dctnry = { 'form': form, 'mainmenuurl': mainmenuurl,
                       'mainmenutext': mainmenutext }
            return render_to_response('polls/uploadfile.html',
                                      dctnry,
                                      context_instance=RequestContext(request))
    else:
        form = UploadFileForm()
        dctnry = { 'form': form, 'mainmenuurl': mainmenuurl,
                   'mainmenutext': mainmenutext }
        return render_to_response('polls/uploadfile.html', {'form': form})

I've coded as much of this as possible from right out of the
document. So I'm not sure based on the error exactly where the problem
may be. Thanks in advance for the help.





Jonas Geiregat

Jan 25, 2011, 6:42:09 PM
to django...@googlegroups.com
Hey,

I've also struggled with CSRF for a while.
Maybe I can give you some guidance.

you need to ensure:

• The view function uses RequestContext for the template, instead of
Context.
• In the template, there is a {% csrf_token %} template tag inside each
POST form that targets an internal URL.
• If you are not using CsrfViewMiddleware, then you must use
csrf_protect on any views that use the csrf_token template tag, as
well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG =
True in your Django settings file. Change that to False, and only the
initial error message will be displayed.


Have you checked each item mentioned by the error report?

<form action="/polls/uploadfile/" method="POST" enctype="multipart/form-data">

Add {% csrf_token %} directly after the opening form tag.


       return render_to_response('polls/uploadfile.html', {'form': form})


You must always use a RequestContext like this:

from django.template import RequestContext

return render_to_response('polls/uploadfile.html', {'form':form}, context_instance=RequestContext(your_request_var))

If you are still stuck I can advise you to read the following article: http://andrew.io/weblog/2010/01/django-piston-and-handling-csrf-tokens

Good luck!
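
An added example (not part of the original posts and not Django's own code): a small static check for the first two items on the error page's list, run over constructed copies of the template and view from this thread. The helper names and the sample strings are assumptions made for illustration.

```python
import ast
import re

# Constructed samples modelled on the template and view posted in this thread.
TEMPLATE = '''<form action="/polls/uploadfile/" method="POST" enctype="multipart/form-data">
{{ form.filename }}
<input type="submit" value="Upload File" />
</form>'''

VIEW = '''
def uploadfile(request):
    if request.method == 'POST':
        form = UploadFileForm(request.POST, request.FILES)
        return render_to_response('polls/uploadfile.html', {'form': form},
                                  context_instance=RequestContext(request))
    form = UploadFileForm()
    return render_to_response('polls/uploadfile.html', {'form': form})
'''

FORM_RE = re.compile(r'<form\b([^>]*)>(.*?)</form>', re.I | re.S)
POST_RE = re.compile(r'method\s*=\s*["\']?post\b', re.I)
TOKEN_RE = re.compile(r'{%\s*csrf_token\s*%}')


def forms_missing_token(template):
    """Return the attributes of every POST form that has no csrf_token tag."""
    return [attrs.strip() for attrs, body in FORM_RE.findall(template)
            if POST_RE.search(attrs) and not TOKEN_RE.search(body)]


def renders_without_request_context(source):
    """Return line numbers of render_to_response() calls with no context_instance."""
    lines = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and getattr(node.func, 'id', None) == 'render_to_response'
                and len(node.args) < 3  # context_instance may be passed positionally
                and not any(kw.arg == 'context_instance' for kw in node.keywords)):
            lines.append(node.lineno)
    return sorted(lines)


if __name__ == '__main__':
    print('POST forms without csrf_token:', forms_missing_token(TEMPLATE))
    print('render_to_response without context_instance at lines:',
          renders_without_request_context(VIEW))
```

Both findings have to be cleared: the form that is later POSTed is the one rendered by the GET branch, so that branch needs the request context as well as the tag in the template.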

hank23

Jan 27, 2011, 9:28:08 AM
to Django users
OK. I'll check all of that out, including the article. In the meantime
can you possibly explain the "title" field shown coded on the form in
the Django file upload document? It's shown coded on the form but I
don't think it's referenced anymore after that in the document and I
would like to know what it's used for, how it needs to be processed
in the view, etc. Thanks for the help.