Make sure that 'django.middleware.csrf.CsrfViewMiddleware' is listed
in your MIDDLEWARE_CLASSES. There's useful info about the things that
need to be in place in order for Django's CSRF protection to work at
http://docs.djangoproject.com/en/dev/ref/contrib/csrf/.
David
On Aug 26, 12:36 am, Jonas Geiregat <jo...@geiregat.org> wrote:
> I'm using django-1.2.1 on Mac OS X.
>
> I'm trying out the comments framework that comes with django by default.
>
> I'm able to {% load comments %} and {% render_comment_list for post %}
> and {% render_comment_form for post %} .
> But when I try to post a message I get a 403 error:
>
> """
> CSRF verification failed. Request aborted.
>
> Help
>
> Reason given for failure:
>
> CSRF token missing or incorrect.
>
> """
>
> I know that after the form tag there should be a csrf token template tag. Or
> at least it should be generated and visible inside the HTML code. Which is
> not there.
> So I looked where django lived by running: import django; django.__file__.
> Looked in the contrib/comments/templates/comments/form.html file.
> Inside that file the I'm seeing " <form action="{% comment_form_target %}"
> method="post">{% csrf_token %}"
>
> So my question is; Why isn't the csrf_token generated ?
>
> Kind regards,
>
> Jonas Geiregat
> jo...@geiregat.org
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
