I may misunderstand how csrf_token works, but I think it needs to be used in conjunction with the forms system, which would require you to pass a form to your template. Are you doing that?
Daniel Lathrop
News Applications Editor
The Dallas Morning News

---------------------------
Daniel Lathrop
206.718.0349 (cell)

On Mon, Aug 30, 2010 at 11:46 AM, Erik <dyk...@gmail.com> wrote:
> Hi Django Users-
> I'm having trouble with the {% csrf_token %} tag.
> On my site I have a regular login view / page / url, which uses
> the django contrib registration app. I include the CSRF token in my
> login template and it works fine.
> I'd also like a little login box in the corner of every page,
> which will either show a login form or a "you're logged in!" message
> depending on whether the user is logged in. So, I wrote a little form
> into my base.html template that other templates inherit from; and I
> stuck the {% csrf_token %} tag in there as well.
> The part I don't understand is, if I load the login url in the
> browser ( mysite.com/login/ ) both forms work, I can login with them,
> and when I view the source the CSRF token tag has put a hidden field
> into my form.
> However, when I'm on any other page - for example the front page
> - the token tag just leaves a blank space and doesn't output anything,
> but it doesn't give me an error message on loading the page - as it
> would when I try to use a token tag that doesn't exist - such as
> {% faketokentag %}. Of course, because the csrf token tag doesn't
> create any output (in the HTML source generated) when the form is
> submitted the CSRF error occurs.
> I'm rendering all such pages with the generic view
> direct_to_template, which, because it's a generic view, the
> documentation suggests should just work with CSRF.
> Does anyone have any suggestions?
>
> Thank you,
> Erik
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@googlegroups.com>.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.