Hi Django Users-
I'm having trouble with the {% csrf_token %} tag.
On my site I have a regular login view / page / url, which uses
the django contrib registration app. I include the CSRF token in my
login template and it works fine.
I'd also like a little login box in the corner of every page,
which will either show a login form or a "you're logged in!" message
depending on whether the user is logged in. So, I wrote a little form
into my base.html template that other templates inherit from; and I
stuck the {% csrf_token %} tag in there as well.
The part I don't understand is, if I load the login url in the
browser ( mysite.com/login/ ) both forms work, I can login with them,
and when I view the source the CSRF token tag has put a hidden field
into my form.
However, when I'm on any other page - for example the front page
- the token tag just leaves a blank space and doesn't output anything,
but it doesn't give me an error message on loading the page - as it
would when I try to use a token tag that doesn't exist - such as {%
faketokentag %}. Of course, because the csrf token tag doesn't
create any output (in the HTML source generated) when the form is
submitted the CSRF error occurs.
I'm rendering all such pages with the generic view
direct_to_template , which, because it's a generic view, the
documentation suggests should just work with CSRF.
Does anyone have any suggestions?
Thank you,
Erik
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
