python - Djangobook ch 7 CSRF
I'm reading Djangobook, and I'm on ch 7. There is a line that says "#todo - explain csrf token".
When following the examples (I'm pretty sure I've followed them exactly), I cannot get the code to function properly.
Here is the template:

    <html>
    <head>
        <title>contact us</title>
    </head>
    <body>
        <h1>contact us</h1>
        {% if errors %}
            <ul>
                {% for error in errors %}
                <li>{{ error }}</li>
                {% endfor %}
            </ul>
        {% endif %}
        <form action="/contact/" method="post">
            {% csrf_token %}
            <p>subject: <input type="text" name="subject"></p>
            <p>your e-mail (optional): <input type="text" name="email"></p>
            <p>message: <textarea name="message" rows="10" cols="50"></textarea></p>
            <input type="submit" value="submit">
        </form>
    </body>
    </html>
Here is the view:

    from django.core.mail import send_mail
    from django.http import HttpResponseRedirect
    from django.shortcuts import render
    from django.template import RequestContext

    def contact(request):
        errors = []
        if request.method == 'POST':
            if not request.POST.get('subject', ''):
                errors.append('enter subject.')
            if not request.POST.get('message', ''):
                errors.append('enter message.')
            if request.POST.get('email') and '@' not in request.POST['email']:
                errors.append('enter valid e-mail address.')
            if not errors:
                send_mail(
                    request.POST['subject'],
                    request.POST['message'],
                    request.POST.get('email', 'noreply@example.com'),
                    ['siteowner@example.com'],
                )
                return HttpResponseRedirect('/contact/thanks/')
        return render(request, 'contact_form.html', {'errors': errors}, context_instance=RequestContext(request))
This is the error I'm getting:

    Forbidden (403)
    CSRF verification failed. Request aborted.

    Reason given for failure:
        CSRF token missing or incorrect.

    In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    - Your browser is accepting cookies.
    - The view function uses RequestContext for the template, instead of Context.
    - In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    - If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

    You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

    You can customize this page using the CSRF_FAILURE_VIEW setting.
Edit:
I discovered that I can view the source code of the form, and the csrf_token isn't being inserted even though I have it in the template. I looked at common solutions. People suggested this:

    return render_to_response('contact_form.html', {'errors': errors}, context_instance=RequestContext(request))

But that doesn't work for me either.
I checked settings.py, and see 2 middlewares added, not CsrfViewMiddleware:

    MIDDLEWARE_CLASSES = (
        # ...
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.middleware.csrf.CsrfResponseMiddleware',
    )

Try adding more.