Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Evgeny Elizarov2013-10-15 10:49:47
Django
Evgeny Elizarov, 2013-10-15 10:49:47

Django: post request and CSRF issue

Hello. I'm just starting to understand django and stumbled over such a thing. I drew a simple form in the template, send it and get

CSRF verification failed. Request aborted.

I go to the proposed man , I try all 5 proposed methods, and none of them help. what am I doing wrong?

with the help of barker the issue is resolved, it was necessary to use render() instead of render_to_response()

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
B
barker, 2013-10-15
@KorP

No 5 methods needed. You just need to enable the appropriate middleware and insert the csrf_token in the template.

Report
M
Mikhail Priver, 2013-10-15
@mpriver

Should work without any tricks. If you are using the standard application template, all you need to do is paste {% csrf_token %}it inside the form.
The mechanism itself in a simple case (without Ajax) works like this:
1. Django sets the cookie csrftoken=CSRF token
2. Instead of template_tag {% csrf_token %}, Django inserts:

<input type="hidden" name="csrfmiddlewaretoken" value="CSRF-токен">

3. When submitting the form, the cookie and CSRF token goes back to Django along with the rest of the form fields.
4. Django checks the token from the cookie and from the POST.

Report
M
merlin-vrn, 2013-10-15
@merlin-vrn

Look at your template, please. Compare with the HTML generated from this template. Check: what's in the HTML in place of {% csrf_token %} from the template? (Must be input type=hidden name=csrfmiddlewaretoken). Is this field sent to the server along with the form, i.e. is {% csrf_token %} inside <form>...</form>? Intercept HTTP and check (you can tell firebug to see what is being sent).

Report
A
alz, 2013-10-15
@alz

{% csrf_token %} used in the template?

Report
K
kenny_opennix, 2013-10-15
@kenny_opennix

what middleware are connected?

Report
N
navisr, 2016-12-05
@navisr

Who needs a chewed up answer with examples: https://bovs.org/post/179/Zasita-ot-CSRF-v-Django-...

Similar questions
N
nurzhannogerbek2017-04-23 15:40:44
How to do multiple selection? 1Reply
A
Alexander Bondarenko2020-07-09 13:27:24
How to regenerate part of a page with Django? 1Reply
P
Pan Propan2016-02-27 00:48:08
How to insert MEDIA_URL in Django template? 1Reply
M
Max 3422018-07-16 14:30:41
Reopen project? 0Reply
I
ivodopyanov2016-02-29 12:44:30
What is the correct way to implement a "heavy" internal service in Django? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question