Make sure that 'django.middleware.csrf.CsrfViewMiddleware' is listed in your MIDDLEWARE_CLASSES. There's useful info about the things that need to be in place in order for Django's CSRF protection to work at http://docs.djangoproject.com/en/dev/ref/contrib/csrf/.
David On Aug 26, 12:36 am, Jonas Geiregat <jo...@geiregat.org> wrote: > I'm using django-1.2.1 on Mac OS X. > > I'm trying out the comments framework that comes with django by default. > > I'm able to {% load comments %} and {% render_comment_list for post %} > and {% render_comment_form for post %} . > But when I try to post a message I get a 403 error: > > """ > CSRF verification failed. Request aborted. > > Help > > Reason given for failure: > > CSRF token missing or incorrect. > > """ > > I know that after the form tag there should be a csrf token template tag. Or > at least it should be generated and visible inside the HTML code. Which is > not there. > So I looked where django lived by running: import django; django.__file__. > Looked in the contrib/comments/templates/comments/form.html file. > Inside that file the I'm seeing " <form action="{% comment_form_target %}" > method="post">{% csrf_token %}" > > So my question is; Why isn't the csrf_token generated ? > > Kind regards, > > Jonas Geiregat > jo...@geiregat.org -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.