noobProgrammer

Reputation: 21

csrf token in html, but cookie can not be set

First, I go to localhost:8000 to see the following page:

</div>

<form id="SignUpForm" name="form_signupform" method="post" action="hello/">

{% csrf_token %}
<fieldset class="roundedCorners" style="display: table;">
<legend align="center"><em>Sign Up</em></legend>
<p></p>
<p style="display: block;">

etc.

At localhost:8000 the above page view is served using the function in views.py:

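from django.shortcuts import render_to_response
from django.template import RequestContext

def login(request):
    # RequestContext makes the token available to {% csrf_token %} in index.html
    c = {'query': 'abcd.com'}
    response = render_to_response('index.html', c, context_instance=RequestContext(request))
    return response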

Here, in the served page source I can see the csrf value like the following:

<form id="SignUpForm" name="form_signupform" method="post" action="hello/">
<input type='hidden' name='csrfmiddlewaretoken'
value='rjbU4k8DY3EEBWVhlsgIYU3gEu4x3ctM' />
<fieldset class="roundedCorners" style="display: table;">
<legend align="center"><em>Sign Up</em></legend>
<p></p>
<p style="display: block;">

etc.

On pressing submit button another view is called. In views.py:

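from django.http import HttpResponseRedirect

def hello(request):
    # The CSRF middleware checks the POST before this view runs
    if request.method == "POST":
        return HttpResponseRedirect("genResp1.html")
    else:
        return HttpResponseRedirect("genResp2.html")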

BUT, on pressing the submit button I get the following error:

Forbidden (403)
    CSRF verification failed. Request aborted.
...
...
Help
Reason given for failure:
    CSRF cookie not set.

I have consulted a) the Django docs, b) stackoverflow.com, c) Google, etc. I have tried every possible permutation and combination of code... but the error never changed... (I can set a cookie by calling the set_cookie function... that works fine... but the CSRF cookie cannot be set... why?) PLEASE DO NOT SEARCH THE NET AND WRITE A SOLUTION. I HAVE SEARCHED THAT FOR THE LAST 6 DAYS. I HAVE TRIED ALL FORMS OF THE VIEW FUNCTION. ONE OF THEM IS GIVEN ABOVE. ONLY IF YOU HAVE DONE THAT CSRF JOB YOURSELF AND GOT IT RUNNING, PLEASE WRITE HOW YOU DID IT... (I am using Python 3.4 and Django 1.7)

Upvotes: 2

Views: 453

Answers (2)

Basil Musa

Reputation: 8738

The problem got solved by setting CSRF_COOKIE_SECURE to False, since I was NOT using HTTPS on my development machine:

  1. Modified the file settings.py which had the following line:

    CSRF_COOKIE_SECURE = True
    SESSION_COOKIE_SECURE = True
    
  2. Changed it to:

    CSRF_COOKIE_SECURE = False
    SESSION_COOKIE_SECURE = False
    

Upvotes: 1

noobProgrammer

Reputation: 21

OK... I figured it out; the above is correct... but in the settings I wrote the following...

# CSRF_COOKIE_NAME = 'csrfmiddlewaretoken' 
# CSRF_COOKIE_DOMAIN = 'localhost:8000' # your domain name 
# CSRF_COOKIE_SECURE = False 
# CSRF_COOKIE_HTTPONLY = False 
# CSRF_COOKIE_AGE = None 
# CSRF_COOKIE_USED = True 
# CSRF_COOKIE_PATH = 'C:\\Users\\me\\Desktop\\cookFol' 

SESSION_EXPIRE_AT_BROWSER_CLOSE = True

... see, I commented those out and it worked... The above code is the same; maybe there was a mismatch in those settings customizations...

Upvotes: 0
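
Added example, not part of either answer and not Django's own code: a small checker that applies the cookie rules of RFC 6265 (Secure, domain-match, path-match) to the CSRF_COOKIE_* values quoted in the two answers, for the form target http://localhost:8000/hello/. The function names and the settings dicts are constructed for illustration.

```python
# Added example (not Django's code): checks CSRF cookie settings against the
# RFC 6265 rules a browser applies before it stores or returns a cookie.
from urllib.parse import urlsplit


def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: identical, or host ends with '.' + domain."""
    domain = cookie_domain.lstrip(".").lower()
    return host.lower() == domain or host.lower().endswith("." + domain)


def path_matches(request_path, cookie_path):
    """RFC 6265 path-match: cookie path is a '/'-bounded prefix of the request path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def audit_csrf_cookie(settings, url):
    """Return the reasons the CSRF cookie would not come back on a request to url."""
    parts = urlsplit(url)
    problems = []
    if settings.get("CSRF_COOKIE_SECURE") and parts.scheme != "https":
        problems.append("SECURE: Secure cookies are only sent over HTTPS")
    # A cookie domain is a host name; it never carries a port.
    domain = settings.get("CSRF_COOKIE_DOMAIN")
    if domain and not domain_matches(parts.hostname, domain):
        problems.append("DOMAIN: %r does not domain-match host %r"
                        % (domain, parts.hostname))
    # CSRF_COOKIE_PATH is a URL path (Django's default is '/'), not a directory.
    path = settings.get("CSRF_COOKIE_PATH", "/")
    if not path.startswith("/"):
        problems.append("PATH: %r is not a URL path starting with '/'" % path)
    elif not path_matches(parts.path or "/", path):
        problems.append("PATH: %r does not cover %r" % (path, parts.path))
    return problems


# Constructed inputs built from the settings quoted in the two answers.
FORM_TARGET = "http://localhost:8000/hello/"
FIRST_ANSWER = {"CSRF_COOKIE_SECURE": True}
SECOND_ANSWER = {"CSRF_COOKIE_DOMAIN": "localhost:8000", "CSRF_COOKIE_SECURE": False,
                 "CSRF_COOKIE_PATH": "C:\\Users\\me\\Desktop\\cookFol"}

if __name__ == "__main__":
    for name, conf in (("first", FIRST_ANSWER), ("second", SECOND_ANSWER)):
        print(name, audit_csrf_cookie(conf, FORM_TARGET))
```

With Django's defaults (no CSRF_COOKIE_DOMAIN, CSRF_COOKIE_PATH = '/', CSRF_COOKIE_SECURE = False) the checker reports nothing for the same URL. Keep CSRF_COOKIE_SECURE = True wherever the site is served over HTTPS and relax it only in the development settings.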
