Make sure that 'django.middleware.csrf.CsrfViewMiddleware' is listed
in your MIDDLEWARE_CLASSES. There's useful info about the things that
need to be in place in order for Django's CSRF protection to work at
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/.

David


On Aug 26, 12:36 am, Jonas Geiregat <jo...@geiregat.org> wrote:
> I'm using django-1.2.1 on Mac OS X.
>
> I'm trying out the comments framework that comes with django by default.
>
> I'm able to   {% load comments %} and   {% render_comment_list for post %}  
> and    {% render_comment_form for post %} .
> But when I try to post a message I get a 403 error:
>
> """
> CSRF verification failed. Request aborted.
>
> Help
>
> Reason given for failure:
>
>     CSRF token missing or incorrect.
>
> """
>
> I know that after the form tag there should be a csrf token template tag. Or 
> at least it should be generated and visible inside the HTML code. Which is 
> not there.
> So I looked where django lived by running: import django; django.__file__. 
> Looked in the contrib/comments/templates/comments/form.html file.
> Inside that file the I'm seeing "  <form action="{% comment_form_target %}" 
> method="post">{% csrf_token %}"
>
> So my question is; Why isn't the csrf_token generated ?
>
> Kind regards,
>
> Jonas Geiregat
> jo...@geiregat.org

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to