Django: CSRF check failed even after adding {% csrf_token%}

views.py:

    def index(request):
        return render_to_response('index.html', {})

    def photos(request, artist):
        if not artist:
            return render_to_response('photos.html', {'error' : 'no artist supplied'})
        photos = get_photos_for_artist(artist)
        if not photos:
            logging.error('Issue while getting photos for artist')
            return render_to_response('photos.html', {'error': 'no matching artist found'})
        return render_to_response('photos.html', {'photos': photos})

Index.html:

    <html>
      <head>
        <title>find artist photos </title>
      </head>
      <body>
        {% block error %} {% endblock %}
        <form action="/photos" method="POST">
          {% csrf_token %}
          <label for="artist">Artist : </label>
          <input type="text" name="artist">
          <input type="submit" value="Search">
        </form>
        {% block content %}{% endblock %}
      </body>
    </html>

photos.html:

    {% extends 'index.html' %}
    {% block error %}
      {% if error %}
        <p> {{ error}} </p>
      {% endif %}
    {% endblock %}
    {% block content %}
      {% if photos %}
        {% for photo in photos %}
          {{ photo }}
        {% endfor %}
      {% endif %}
    {% endblock%}

url.py:

    urlpatterns = patterns('',
        (r'', index),
        (r'^time/$', current_datetime),
        (r'^photos/(\w+)$', photos)
    )

I even tried adding {% csrf_token %}, but no luck

thanks

UPDATE
I see this in the logs:

    UserWarning: A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.
      warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.")

This happened after adding context_instance=RequestContext(request) to render_to_response()

+3
7 answers

Add context_instance=RequestContext(request) to each view in which you use the form:

    return render_to_response('index.html', {},
                              context_instance=RequestContext(request))

    return render_to_response('photos.html', {'photos': photos},
                              context_instance=RequestContext(request))
+9

Assuming you are using a fairly new version of Django (1.3 / 1.4 / dev), you should follow these steps:

  • In settings.py, add django.middleware.csrf.CsrfViewMiddleware to MIDDLEWARE_CLASSES.
  • In the template, use {% csrf_token %} in the form.
  • In your view, make sure that the django.core.context_processors.csrf context processor is used, either:
    • use RequestContext from django.template
    • directly import the csrf processor from django.core.context_processors

Examples

    from django.template import RequestContext
    from django.shortcuts import render_to_response

    def my_view(request):
        return render_to_response('my_template.html', {},
                                  context_instance=RequestContext(request))

or

    from django.core.context_processors import csrf
    from django.shortcuts import render_to_response

    def my_view(request):
        c = {}
        c.update(csrf(request))  # adds the csrf_token value to the context
        return render_to_response('my_template.html', c)

References

(comprehensive post for posterity and future viewers)

+5

The following are some troubleshooting steps:

  • Load your index page in a web browser, do a View Source and see if {% csrf_token %} expands. It should be replaced with an <input> tag. If this does not happen, you are having problems with your index page. If it is replaced correctly, you are having problems with the photo page.

  • The POST URL in index.html does not match any of the patterns in urls.py. Your urls.py seems to expect the search request to be part of the URL, but it isn’t - you are sending it as an HTTP POST parameter. You need to access it through request.POST.

+3
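The view-source check from the answer above, automated as an added example (not code from the original posts): it parses rendered HTML and lists every POST form that lacks a non-empty hidden input named csrfmiddlewaretoken, the field Django's {% csrf_token %} tag emits. The class and function names and both sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

TOKEN_FIELD = "csrfmiddlewaretoken"  # hidden input name emitted by {% csrf_token %}


class PostFormAudit(HTMLParser):
    """Record each POST form and whether it carries a non-empty CSRF token input."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per POST form, in document order
        self._current = None  # the POST form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # Only POST forms need the token; a form without method= defaults to GET.
            if (attrs.get("method") or "get").lower() == "post":
                self._current = {"action": attrs.get("action") or "", "has_token": False}
                self.forms.append(self._current)
            else:
                self._current = None
        elif tag == "input" and self._current is not None:
            # An input with the right name but an empty value is treated as missing.
            if attrs.get("name") == TOKEN_FIELD and attrs.get("value"):
                self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_token(html):
    """Return the action of every POST form in `html` that has no usable token."""
    audit = PostFormAudit()
    audit.feed(html)
    audit.close()
    return [form["action"] for form in audit.forms if not form["has_token"]]


# Constructed sample pages (not captured output). The first models a form whose
# {% csrf_token %} produced no input; the second models a form where it expanded.
WITHOUT_TOKEN = '<form action="/photos" method="POST"> <input type="text" name="artist"></form>'
WITH_TOKEN = ('<form action="/photos" method="POST"><div style="display:none">'
              '<input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED-TOKEN" />'
              '</div><input type="text" name="artist"></form>')

if __name__ == "__main__":
    print(forms_missing_token(WITHOUT_TOKEN))  # ['/photos']
    print(forms_missing_token(WITH_TOKEN))     # []
```

Feed it the saved source of any page that renders a form; an empty list means every POST form on that page carried a token.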

Check the settings if you have this middleware:

 'django.middleware.csrf.CsrfViewMiddleware' 

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

+2

You may need to explicitly pass an instance of RequestContext when you use render_to_response to get the CSRF values for this template tag.

http://lincolnloop.com/blog/2008/may/10/getting-requestcontext-your-templates/

+1

Try using the @csrf_protect decorator:

    from django.views.decorators.csrf import csrf_protect
    from django.shortcuts import render_to_response

    @csrf_protect
    def photos(request,artist):
        if not artist:
            return render_to_response('photos.html', {'error' : 'no artist supplied'})
        photos = get_photos_for_artist(artist)
        if not photos:
            logging.error('Issue while getting photos for artist')
            return render_to_response('photos.html', {'error': 'no matching artist found'})
        return render_to_response('photos.html', {'photos': photos})

0

This worked for me:

    {% csrf_token %}

In the template, within each POST form that targets an internal URL, there is a {% csrf_token %} template tag.

In views.py:

    from django.template import RequestContext

    ...

    return render_to_response("home.html", {}, context_instance=RequestContext(request))

-1