Reputation: 81
I am trying to implement a form for advanced search in Django templates using crispy forms. But when I search and get redirected to the results page, I have the CSRF token in the URL.
http://127.0.0.1:8000/search/?csrfmiddlewaretoken=EjwC5ExYEy8A9j4X9zAqXKIXrKSiApvoUeQYXgr0ieUJmo0m69uJY2zCLFaWz8Xe&name=test_csc&room=&form_index=
I do have a POST form later in the index.html file that I use a csrf token with, but even if I remove all instances of {% csrf_token %} anywhere, the url still has the csrf token in it.
I do not explicitly mention anything to do with csrf in my views file.
The advanced search in index.html:
<form action="{% url 'app:search_results' %}" method="GET" id="form_index">
    <div class="form-group">
        {% crispy form_index %}
    </div>
</form>
<footer class="major">
    <ul class="actions special">
        <li><button type="submit" class="button" form="form_index" name="form_index">Search</button></li>
    </ul>
</footer>
I should mention that form_index is also used as a form to add something to the database. But I did create a separate form specifically for advanced search to test if it changed anything with the csrf in the url, and it didn't: it was still in the url with the separate form.
I have read the Django documentation concerning the csrf token. I haven't used {% csrf_token %} with a GET request. I have looked at and tried the answers to "Avoid CSRF token in URLS", "django csrf_token in search result url", and "Using GET in a Django Form", which didn't solve my problem.
How do I fix this?
Upvotes: 2
Views: 925
Reputation: 81
Answering my own question here in case someone has the same problem in the future...
In the crispy form documentation there's a disable_csrf = False heading. All of my crispy logic and layout is in the __init__() function in the forms.py file. I just added self.helper.disable_csrf = True like so:
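from crispy_forms.helper import FormHelper

# inside the form class in forms.py
def __init__(self, *args, **kwargs):
    super().__init__(*args, **kwargs)
    self.helper = FormHelper()
    # do not render the csrfmiddlewaretoken hidden input for this form
    self.helper.disable_csrf = True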
This fixed my issue.
Upvotes: 2
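A way to check for the problem discussed in this thread, added here as an example and not part of the original question or answer: a standard-library scan of rendered HTML for GET forms that still contain the `csrfmiddlewaretoken` field, plus a check for URLs that already carry it (such URLs end up in browser history and access logs). The function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

TOKEN_FIELD = "csrfmiddlewaretoken"  # field name seen in the URL on this page


class _FormScanner(HTMLParser):
    """Collect each <form>'s id, method and whether it carries the token field."""
    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per <form> seen
        self._current = None  # the form we are currently inside, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and self._current is None:
            # HTML treats a missing method attribute as GET.
            method = (attrs.get("method") or "get").strip().lower()
            self._current = {"id": attrs.get("id"), "method": method, "has_token": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None and attrs.get("name") == TOKEN_FIELD:
            self._current["has_token"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def get_forms_leaking_token(html):
    """Return ids of GET forms that would submit the CSRF token in the URL."""
    scanner = _FormScanner()
    scanner.feed(html)
    return [f["id"] for f in scanner.forms if f["method"] == "get" and f["has_token"]]


def url_carries_token(url):
    """True if a requested URL (e.g. from an access log) has the token in its query."""
    return TOKEN_FIELD in parse_qs(urlsplit(url).query, keep_blank_values=True)


# Constructed sample: rendered output of a page with one GET and one POST form.
SAMPLE_HTML = """
<form action="/search/" method="GET" id="form_index">
  <input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED_TOKEN">
</form>
<form action="/add/" method="post" id="form_add">
  <input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED_TOKEN">
</form>
"""
```

Feeding the rendered response body of a page to `get_forms_leaking_token` in a test makes a search form that still needs `disable_csrf = True` show up before it reaches users.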