Re: csrf_token not enclosed in hidden element

Thu, 04 Nov 2010 06:35:59 -0700 

Ah, I see. Thanks!

Erik

Den 04/11/2010 kl. 11.17 skrev Menno Luiten:

> That's because you have to use {% csrf_token %} instead of {{ ... }} in your 
> template code. Confusing, perhaps, but have encountered it several times 
> myself.
> 
> Regards,
> Menno
> 
> On 11/04/2010 11:10 AM, Erik Cederstrand wrote:
>> Hi,
>> 
>> I have a view that creates a login page. I use the @csrf_protect decorator 
>> on my view and {{csrf_token}} tag in the template, and the generated 
>> response contains the csrf token. The problem is that the token is printed 
>> as-is instead of being enclosed i a hidden element, as I understand it's 
>> supposed to. Any ideas why?
>> 
>> 
>> My view:
>> 
>> from django.contrib.auth.forms import AuthenticationForm
>> from django.template import RequestContext, loader
>> [...]
>> @csrf_protect
>> def login(response):
>>     t = loader.get_template('base/login.html')
>>     form = AuthenticationForm()
>>     c = RequestContext(request, {
>>         'errormsg': errormsg,
>>         'form': form,
>>     })
>>     return HttpResponse(t.render(c))
>> 
>> 
>> My template:
>> 
>> <form action="/login/" method="post">{{ csrf_token }}
>> <table>{{ form.as_table }}</table>
>> <p><input type="submit" value="Log ind" /></p>
>> </form>
>> 
>> 
>> The generated HTML is:
>> 
>> <form action="/login/" method="post">1a3130639851sd8f768b154ba4142d57c8
>> <table><tr><th><label for="id_username">Brugernavn:</label></th><td><input 
>> id="id_username" type="text" name="username" maxlength="30" /></td></tr>
>> <tr><th><label for="id_password">Adgangskode:</label></th><td><input 
>> type="password" name="password" id="id_password" /></td></tr></table>
>> <p><input type="submit" value="Log ind" /></p>
>> </form>
>> 
>> 
>> Thanks,
>> Erik
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.

Med venlig hilsen,

Erik Cederstrand
Affect IT

Tlf: 22 66 07 67
Mail: e...@affect-it.dk

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to