> The "security_hash" field that you see is part of the comments app, and is 
> not the CSRF token. That needs to be output by a {% csrf_token %} tag (or 
> its equivalent). If it's working, you should see another hidden input 
> field, which looks like this:
>
> <div style="display:none">
>     <input type="hidden" name="csrfmiddlewaretoken" value="36d43c1652d5676d6d411950e077eeaa1cc1f799"/>
> </div>
>
> The comments app normally does that automatically -- it's part of 
> django/contrib/comments/templates/form.html -- Are you overriding the 
> comment form in your own app? If so, you need to include the call to 
> {% csrf_token %} yourself.
>

I am not overriding, at least not deliberately.

django/contrib/comments/templates/form.html has:
{% load comments i18n %}
<form action="{% comment_form_target %}" method="post">{% csrf_token %}

I render my form with:
{% render_comment_form for entry %}

---------------
I should note it did work when I first added it to the application. It 
broke after I added pybbm. I've since removed pybbm (it is maintained and 
broken), but comments started getting csrf errors.

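Added example, not part of the original thread: a small check that can be run over the HTML the server actually sends, to see whether each POST form carries the `csrfmiddlewaretoken` hidden input described in the quoted reply, as distinct from the comments app's `security_hash`. The sample pages, the `/comments/post/` action and the token values are constructed for illustration.

```python
from html.parser import HTMLParser

CSRF_FIELD = "csrfmiddlewaretoken"  # field name quoted in the thread


class FormAudit(HTMLParser):
    """Record each <form> with its method and the inputs found inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []    # forms whose closing tag has been seen
        self._open = None  # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "fields": {}}
        elif tag == "input" and self._open is not None and a.get("name"):
            self._open["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            self.forms.append(self._open)
            self._open = None


def forms_missing_csrf(html):
    """Return the action of every POST form with no non-empty CSRF input."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    return [f["action"] for f in parser.forms
            if f["method"] == "post" and not f["fields"].get(CSRF_FIELD)]


# Constructed sample: security_hash is present but the CSRF input is not.
BROKEN = """<form action="/comments/post/" method="post">
<input type="hidden" name="security_hash" value="constructed-hash"/>
<textarea name="comment"></textarea></form>"""

# Constructed sample: same form with the hidden CSRF input rendered.
WORKING = """<form action="/comments/post/" method="post">
<div style="display:none"><input type="hidden" name="csrfmiddlewaretoken"
 value="constructed-token"/></div>
<input type="hidden" name="security_hash" value="constructed-hash"/></form>"""

if __name__ == "__main__":
    print("broken page :", forms_missing_csrf(BROKEN))
    print("working page:", forms_missing_csrf(WORKING))
```

If the comment form shows up in the returned list, the token was never rendered into the page; if it does not, the form is fine and the rejection is happening at a later stage of the request.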