Relrin

Reputation: 790

Django - 403 Forbidden - CSRF token missing or incorrect

I've updated to Django 1.6 and get an issue with the CSRF token when I press the "Logout" button.

My code:
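-- views.py

from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext


@login_required(login_url='/login/')
def show_matches(request):
    errors = []
    logged = True
    if request.method == "POST":
        # Dispatch on the name of the submit button that was pressed.
        if 'edit' in request.POST:
            return HttpResponseRedirect("/edit_matches/")
        elif 'view' in request.POST:
            return HttpResponseRedirect("/view_matches/")
        elif 'logout' in request.POST:
            return HttpResponseRedirect("/logout/")
        else:
            errors.append('Incorrect operation!')
    # RequestContext makes the CSRF token available to the template.
    return render_to_response('admin/match_main.html', RequestContext(request, locals()))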

-- match_show.html

{% extends "admin/base_admin.html" %}
{% block title %}Administration referee page {% endblock %}
{% block content %}
        <form action='.' method='post'>{% csrf_token %}
            <input class="btn btn-medium btn-primary" type="submit" value="Edit Matches" name="edit" />
            <input class="btn btn-medium btn-primary" type="submit" value="View Matches" name="view" />
        </form>
{% endblock %}

How to fix this?

Upvotes: 2

Views: 4972

Answers (2)

Fortune Zhang

Reputation: 41

Add a hidden input:

<input type='hidden' name='csrfmiddlewaretoken' value='{{csrf_token}}'>

Upvotes: 4

Alasdair

Reputation: 309039

The template you have shown does not include the logout button. If you want to log out with a POST request, you must include a CSRF token in the form containing the logout button.

Upvotes: 3
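An added example, not part of either answer: a standard-library check that scans a template for POST forms carrying neither `{% csrf_token %}` nor a `csrfmiddlewaretoken` input, which is the condition both answers point at. The names `PostFormAudit` and `audit` are hypothetical, and the sample template is constructed; its logout form is an assumption, since the question does not show that form.

```python
import re
from html.parser import HTMLParser

CSRF_TAG = re.compile(r"{%\s*csrf_token\s*%}")


class PostFormAudit(HTMLParser):
    """Collects (line, submit_button_names) for POST forms without a CSRF token."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._form = None  # state of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            is_post = (a.get("method") or "get").lower() == "post"
            self._form = {"line": self.getpos()[0], "post": is_post,
                          "token": False, "buttons": []}
        elif tag == "input" and self._form is not None:
            if a.get("name") == "csrfmiddlewaretoken":
                self._form["token"] = True  # hand-written hidden input
            elif (a.get("type") or "").lower() == "submit":
                self._form["buttons"].append(a.get("name"))

    def handle_data(self, data):
        # Template tags are plain text to the HTML parser.
        if self._form is not None and CSRF_TAG.search(data):
            self._form["token"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            form, self._form = self._form, None
            if form["post"] and not form["token"]:
                self.findings.append((form["line"], form["buttons"]))


def audit(template_source):
    parser = PostFormAudit()
    parser.feed(template_source)
    parser.close()
    return parser.findings


# Constructed sample: the first form is the one from the question,
# the second is an assumed logout form without a token.
SAMPLE = """{% extends "admin/base_admin.html" %}
{% block content %}
<form action='.' method='post'>{% csrf_token %}
  <input type="submit" value="Edit Matches" name="edit" />
  <input type="submit" value="View Matches" name="view" />
</form>
<form action='.' method='post'>
  <input type="submit" value="Logout" name="logout" />
</form>
{% endblock %}
"""

if __name__ == "__main__":
    for line, buttons in audit(SAMPLE):
        print("line %d: POST form without CSRF token, buttons=%s" % (line, buttons))
```
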
