Re: CSRF token not adding hidden form field

Wed, 09 Jun 2010 22:38:44 -0700 

This is the login view. I tried to simplify it as much as I possibly
could.

def login(request):
        return render_to_response('base.html', context_instance =
RequestContext(request))

the form in the template looks like this:

                            <form action="/accounts/login/"
method="POST">{% csrf_token %}
                            <label for="username">User name:</label>
                            <input type="text" name="username" value="" 
id="username">
                            <label for="password">Password:</label>
                            <input type="password" name="password" value="" 
id="password">
                            <input type="submit" value="login" />
                            </form>

And this is my installed middleware from settings.py:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

thanks for checking it out, let me know if I can make it clearer at
all.


On Jun 9, 6:15 pm, Lee Hinde <leehi...@gmail.com> wrote:
> On Wed, Jun 9, 2010 at 6:08 PM, joelklabo <joelkl...@gmail.com> wrote:
> > The error I am getting is: "CSRF token missing or incorrect" I went
> > and looked in the source for the place where it gives that error and
> > it was this point:
>
> > request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
> > if request_csrf_token != csrf_token:
> >    if cookie_is_new:
> >        # probably a problem setting the CSRF cookie
> >        return reject("CSRF cookie not set.")
> >    else:
> >        return reject("CSRF token missing or incorrect")
>
> > This is is the Cross Site Request Forgery Middleware. I am using the
> > template tag. I am following the directions. Middleware is there. What
> > could this be?
>
> > On Jun 9, 3:58 pm, joelklabo <joelkl...@gmail.com> wrote:
> >> I have added the {% csrf_token %} to my template. and I have the
> >> django.middleware.csrf.CsrfViewMiddleware installed. I am on Django
> >> 1.2.1 but I keep getting 403 errors. And, when I view the source of my
> >> page there is no hidden form field. No sign of the token.
>
> What's the view look like that sends the form in the first place?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to