CODEWITHSUNDEEP
pythondjangocsrf
lukik
lukik

Reputation: 4060

CSRF token missing or incorrect (I know, its been asked before!)

Been two days trolling through Google, stackoverflow, and docs.djangoproject.com for a solution to CSRF problems.

Disclaimer, am a beginner at Django and following along the book The definitive guide to django - web development done right. Well, apparently am getting something wrong :-(

See below one such attempt and see if you can point out any mistakes because I've tried all the suggestions on stackoverflow but no luck as yet:

view.py:

from django.shortcuts import render_to_response
from django.template import RequestContext

def add_vehicle(request):
    return render_to_response('vehicle.html', RequestContext(request, {}))

vehicle.html:

{% extends "base.html" %}
{% block title %}Vehicle Registration{% endblock %}
{% block content %}
<html>
<head>
</head>
<body>

<form action="/vehicle/" method="post"> {% csrf_token %}
    <table width=100%>
        <tr>
            <td>Reg #:</td>
            <td><input type="text" name="regnumber"></td>
            <td></td>
        </tr>
        <tr>
            <td>Model:</td>
            <td><input type="text" name="model"></td>
            <td></td>
        </tr>
        <tr>
            <td>Manufacturer:</td>
            <td><input type="text" name="manufacturer"></td>
            <td></td>
        </tr>
        <tr>
            <td>Year:</td>
            <td><input type="text" name="year"></td>
            <td></td>       
        </tr>
        <tr>
            <td>Chassis #:</td>
            <td><input type="text" name="chasisnumber"></td>
            <td></td>       
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" value="Submit">
            <input type="submit" value="Clear">
            </td>
            <td></td>       
        </tr>
    </table>
</form>
</body>
</html>
{% endblock %}

I hope that's not too much code for stackoverflow.

Now, I keep getting the CSRF token missing or incorrect.

Please assist.

Edit (Adding details on error)

settings.py looks like this:

MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)

Here is what the console displays when I open vehicle.html page:

warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.")

Upvotes: 2

Views: 1110

Answers (2)

sandinmyjoints
sandinmyjoints

Reputation: 1976

The signature for render_to_response is render_to_response(template_name[, dictionary][, context_instance][, mimetype]) so should you be calling it like the following to ensure the csrf token is put into the context? 

return render_to_response('vehicle.html', {}, context_instance= RequestContext(request))`

Upvotes: 4

Cory Gwin
Cory Gwin

Reputation: 1243

You should check out this documentation https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

You may be missing the middle ware

Upvotes: 0

Related Questions