I'm using django.contrib.comments and get 'CSRF token missing or incorrect.'
when previewing or submitting a comment. I have:
*MIDDLEWARE_CLASSES = (*
* 'django.middleware.csrf.CsrfViewMiddleware',*
* 'django.middleware.common.CommonMiddleware',*
* 'django.contrib.sessions.middleware.SessionMiddleware',*
* 'django.contrib.auth.middleware.AuthenticationMiddleware',*
* 'django.contrib.messages.middleware.MessageMiddleware',*
*)*
url(r'^comments/', include('django.contrib.comments.urls')),
url(r'^entry/(?P<pk>\d+)/comment', 'rp2.views.entry_comment_add'),
@csrf_protect #does not matter if this is here or not
def entry_comment_add(request, pk):
entry = models.Entry.objects.get(pk=pk)
assert isinstance(entry, models.Entry)
return render(request, 'entry_comment_popup.html', {'entry':entry})
{% extends 'head-plain.html' %}
<!-- entry_comment_popup.html -->
{% load comments %}
{% block content %}
{% render_comment_form for entry %}
{% endblock %}
The HTML looks like it has the csrf security_hash in the proper place:
<form action="/comments/post/
<view-source:http://127.0.0.1:8000/comments/post/>" method="post">
<div><input type="hidden" name="object_pk" value="28" id="id_object_pk"
/></div>
<div><input type="hidden" name="timestamp" value="1340899354"
id="id_timestamp" /></div>
<div><input type="hidden" name="security_hash"
value="6e85e1c846861c80575ce435b21a855706725b00" id="id_security_hash" /></div>
...
I have read https://docs.djangoproject.com/en/dev/ref/contrib/comments/
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/TDG0eAHHlkkJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
