Thanks for your help :) Yup, I already did that, added {% csrf_token %} just after the <form> tag... still the same error comes up :(
On Wed, Sep 29, 2010 at 11:44 AM, Yo-Yo Ma <baxterstock...@gmail.com> wrote:

> User logs into your site (SaadsDjangoSite.com). User goes to
> CriminalCSRFSite.com while logged into yours. They put a script tag in
> their page that has a post-back to
> ttp://saadsdjangosite.com/delete-everything-and-kill-kittens/.
> This causes the user's logged in browser to make a request to your
> site, and delete everything and kill kittens, all without the user
> knowing what happened.
>
> Follow those instructions. Make sure you put {% csrf_token %} right
> after your open <form> tag.
>
> On Sep 28, 11:38 pm, Saad Sharif <myscotlandproj...@gmail.com> wrote:
> > Thanks a lotttt :)
> >
> > but there is a new error
> >
> > The Error:
> >
> > Forbidden (403)
> >
> > CSRF verification failed. Request aborted.
> > Help
> >
> > Reason given for failure:
> >
> > CSRF token missing or incorrect.
> >
> > In general, this can occur when there is a genuine Cross Site Request
> > Forgery, or when Django's CSRF mechanism
> > <http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf>
> > has not been used correctly. For POST forms, you need to ensure:
> >
> > - The view function uses RequestContext
> >   <http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-c...>
> >   for the template, instead of Context.
> > - In the template, there is a {% csrf_token %} template tag inside each
> >   POST form that targets an internal URL.
> > - If you are not using CsrfViewMiddleware, then you must use
> >   csrf_protect on any views that use the csrf_token template tag, as
> >   well as those that accept the POST data.
> >
> > You're seeing the help section of this page because you have DEBUG = True in
> > your Django settings file. Change that to False, and only the initial error
> > message will be displayed.
> >
> > You can customize this page using the CSRF_FAILURE_VIEW setting.
> >
> > On Wed, Sep 29, 2010 at 10:39 AM, Yo-Yo Ma <baxterstock...@gmail.com> wrote:
> > > (r'^login/', include('macrohms.views.login')), is incorrect.
> > >
> > > the include() function, pertaining to urls.py is for including other
> > > URL confs (so you can have sub-sections of your site contain their own
> > > urls.py). You'll want to replace that line with:
> > >
> > > url(r'^login/$', 'macrohms.views.login'),
> > >
> > > Note, I changed two additional things - I changed your tuple to a
> > > url() function call instead, and I added a $ at the end of the URL
> > > pattern (denotes the end of a string in regex). The url() function is
> > > the "cool" way to define URLs.
> > >
> > > On Sep 28, 10:41 pm, Saad Sharif <myscotlandproj...@gmail.com> wrote:
> > > > Hi all,
> > > >
> > > > I created a simple login form
> > > >
> > > > My code:
> > > > <form method="post" action="/login/" ENCTYPE="multipart/form-data"
> > > > dojoType="dijit.form.Form" >{% csrf_token %}
> > > > username <input>
> > > > password <input type="password">
> > > > <button> login <input type="submit" value="Submit">
> > > > </form>
> > > >
> > > > In views.py I added
> > > >
> > > > def login(request):
> > > >     return render_to_response('login.html')
> > > >
> > > > In urls.py I added
> > > >
> > > > (r'^login/', include('macrohms.views.login')),
> > > >
> > > > The Error when I press login button:
> > > > ImportError at /login/
> > > >
> > > > No module named login
> > > >
> > > > Request Method: POST
> > > > Request URL: http://localhost:8000/login/
> > > > Django Version: 1.2.3
> > > > Exception Type: ImportError
> > > > Exception Value: No module named login
> > > > Exception Location: /home/saad/www/lib/python2.6/site-packages/Django-1.2.3-py2.6.egg/django/utils/importlib.py in import_module, line 35
> > > > Python Executable: /home/saad/www/bin/python
> > > > Python Version: 2.6.5
> > > > Python Path: ['/home/saad/www/webapps/macrohms',
> > > > '/home/saad/www/lib/python2.6/site-packages/setuptools-0.6c11-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6/site-packages/pip-0.8.1-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6/site-packages/Django-1.2.3-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6/site-packages/Coffin-0.3.3-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6/site-packages/Jinja2-2.5.2-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6/site-packages/WTForms-0.6.1-py2.6.egg',
> > > > '/home/saad/www/lib/python2.6',
> > > > '/home/saad/www/lib/python2.6/plat-linux2',
> > > > '/home/saad/www/lib/python2.6/lib-tk',
> > > > '/home/saad/www/lib/python2.6/lib-old',
> > > > '/home/saad/www/lib/python2.6/lib-dynload', '/usr/lib/python2.6',
> > > > '/usr/lib/python2.6/plat-linux2', '/usr/lib/python2.6/lib-tk',
> > > > '/home/saad/www/lib/python2.6/site-packages']
> > > > Server time: Tue, 28 Sep 2010 23:40:56 -0500
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Django users" group.
> > > To post to this group, send email to django-us...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > django-users+unsubscr...@googlegroups.com.
> > > For more options, visit this group at
> > > http://groups.google.com/group/django-users?hl=en.
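
Added example (not part of the thread, and not Django's own code): a stdlib-only model of the check listed in the 403 page above, showing why a template that contains {% csrf_token %} is still rejected when the view renders it without RequestContext, and why the cross-site POST described earlier is rejected too. The function names and the request dict layout are assumptions made for illustration.

```python
import hmac
import secrets

TAG = "{% csrf_token %}"
FORM = '<form method="post" action="/login/">' + TAG + "</form>"  # constructed sample

def render(template, context):
    """Model of the tag: emits the hidden field only if the context carries a token."""
    token = context.get("csrf_token")
    field = ('<input type="hidden" name="csrfmiddlewaretoken" value="%s">' % token
             if token else "")
    return template.replace(TAG, field)

def plain_context(request):
    # Models render_to_response('login.html'): nothing request-specific is added.
    return {}

def request_context(request):
    # Models the Django 1.2-era form of the view:
    #   render_to_response('login.html', context_instance=RequestContext(request))
    return {"csrf_token": request["cookies"]["csrftoken"]}

def extract_token(html):
    marker = 'name="csrfmiddlewaretoken" value="'
    start = html.find(marker)
    if start < 0:
        return None
    start += len(marker)
    return html[start:html.index('"', start)]

def csrf_check(request):
    """Model of the POST check: the form field must match the cookie."""
    cookie = request["cookies"].get("csrftoken", "")
    posted = request["post"].get("csrfmiddlewaretoken", "")
    if not cookie or not posted or not hmac.compare_digest(cookie, posted):
        return 403
    return 200

def submit(make_context):
    """Render the form with the given context builder, then POST it back."""
    request = {"cookies": {"csrftoken": secrets.token_hex(16)}, "post": {}}
    token = extract_token(render(FORM, make_context(request)))
    if token is not None:
        request["post"]["csrfmiddlewaretoken"] = token
    return csrf_check(request)

def cross_site_post():
    """The browser attaches the cookie, but the other site cannot fill the field."""
    return csrf_check({"cookies": {"csrftoken": secrets.token_hex(16)}, "post": {}})
```

A quick way to confirm the same condition on a real page is to view the HTML source of the rendered login form and check that a hidden csrfmiddlewaretoken input is actually present.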