I may be wrong, but I don't see you using {% csrf_token %} anywhere. You're
posting random snippets from your code that only loosely relate - I have
trouble finding full code for the view and all components of HTML templates
causing you trouble.
So I'll just post a few tips:
- before submitting the form in your browser, show the rendered HTML for
the page "right click, then View Source (or similar) - does it contain the
csrf_token parameter? (Just search for "csrf_token").
- you can easily verify that your CSRF token is posted with the form by
putting "print request" on the first line of the view that receives the
form submission - then you should see "csrf_token" among the posted
paramaters.
- better version is to install a module to the browser you use for
debugging to view what's actually being sent. For Firefox, you could use
the excellent Firebug.
On Tue, Nov 13, 2012 at 9:05 AM, Nebros <markuschriste...@gmail.com> wrote:
> kundendaten-----------------------------
> {% include "header.html" %}
> <title>Kundendaten</title>
> {% include "header2.html" %}
> <h1>Portal</h1>
> <h2>Ausgabe Kundendaten</h2>
> {% include "sql.html" %}
> <table border="1">
> <tr><th>Name</th><th>E-Mail</th></tr>
> <tr><td>'.$result['t_name'].'</td><td>'.$result['t_mail'].'</td></tr>
> </table>
> {% include "footer.html" %}
> -----------------------------------------------
>
> (header , header2 and footer are only for the html tags !doctype... blabla)
>
> Forbidden (403)---------------------------------
>
> CSRF verification failed. Request aborted.
> Help
>
> Reason given for failure:
>
> CSRF cookie not set.
>
>
> In general, this can occur when there is a genuine Cross Site Request
> Forgery, or when *Django's CSRF
> mechanism*<http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf>has
> not been used correctly. For POST forms, you need to ensure:
>
> - Your browser is accepting cookies.
> - The view function uses
> *RequestContext*<http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext>for
> the template, instead of
> Context.
> - In the template, there is a {% csrf_token %} template tag inside
> each POST form that targets an internal URL.
> - If you are not using CsrfViewMiddleware, then you must use
> csrf_protect on any views that use the csrf_token template tag, as
> well as those that accept the POST data.
>
> You're seeing the help section of this page because you have DEBUG = Truein
> your Django settings file. Change that to
> False, and only the initial error message will be displayed.
>
> You can customize this page using the CSRF_FAILURE_VIEW setting.
>
> ---------------------------------------------------------------------
>
>
> Am Montag, 12. November 2012 15:00:48 UTC+1 schrieb Nebros:
>
>> I know this is an old problem with many answers... but no one helps me. ^^
>> what i have:
>>
>> Settings----------------------**----------
>> MIDDLEWARE_CLASSES = (
>> 'django.middleware.csrf.**CsrfViewMiddleware',
>> 'django.middleware.common.**CommonMiddleware',
>> 'django.contrib.sessions.**middleware.SessionMiddleware',
>> 'django.contrib.auth.**middleware.**AuthenticationMiddleware',
>> 'django.contrib.messages.**middleware.MessageMiddleware',
>> # Uncomment the next line for simple clickjacking protection:
>> # 'django.middleware.**clickjacking.**XFrameOptionsMiddleware',
>> )
>> ------------------------------**-------------
>>
>> urls--------------------------**------------
>> from django.conf.urls import patterns
>> from klasse.views import portal, kundendaten
>> urlpatterns = patterns('',
>> (r'^portal/$', portal),
>> (r'^kundendaten/$', kundendaten),
>> )
>> ------------------------------**-------------
>>
>> views-------------------------**----------
>> from django.shortcuts import render_to_response
>> from django.core.context_processors import csrf
>> from django.views.decorators.csrf import csrf_protect
>> import datetime
>> import pyodbc
>> @csrf_protect
>> def portal(request):
>> now = datetime.datetime.now()
>> return render_to_response('portal.**html', {'current_date': now})
>> ------------------------------**--------------
>>
>> portal.html-------------------**-----------
>> <form method="post" action="/kundendaten/">
>> {% csrf_token %}
>> <fieldset>
>> <legend>Anfrage</legend>
>> <p>Bitte Kundennamen eingeben</p>
>> <label>
>> <input type="text" name="kunde" size="30" required="required">
>> </label>
>> <br>
>> <br>
>> <input type="submit" name="senden" value="Senden"
>> href="kundendaten">
>> </fieldset>
>> </form>
>> ------------------------------**--------------
>>
>> I tryed a lot of variants to fix my "post" problem, but without success.
>> can anybody help me? ^^
>> thx
>> *pls ignore my englisch fails
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-users/-/K1p4e5lY1B4J.
>
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
