Thanks for your response.
No, I wasn't generating the form within django; I had hand coded
a form into the page; because I had intended that this form appear on
every page in the side.
I'll try it as you suggest and report back. This may involve
learning how to write template tags.
thanks,
Erik
On Aug 30, 4:16 pm, Daniel Lathrop <daniel.lath...@gmail.com> wrote:
> I may misunderstand how csrf_token works, but I think it needs to be used in
> conjunction with the forms system, which would require you to pass a form to
> your template. Are you doing that?
>
> Daniel Lathrop
> News Applications Editor
> The Dallas Morning News
> ---------------------------
> Daniel Lathrop
> 206.718.0349 (cell)
>
>
>
> On Mon, Aug 30, 2010 at 11:46 AM, Erik <dyk...@gmail.com> wrote:
> > Hi Django Users-
> > I'm having trouble with the {% csrf_token %} tag.
> > On my site I have a regular login view / page / url, which uses
> > the django contrib registration app. I include the CSRF token in my
> > login template and it works fine.
> > I'd also like a little login box in the corner of every page,
> > which will either show a login form or a "you're logged in!" message
> > depending on whether the user is logged in. So, I wrote a little form
> > into my base.html template that other templates inherit from; and I
> > stuck the {% csrf_token %} tag in there as well.
> > The part I don't understand is, if I load the login url in the
> > browser ( mysite.com/login/ ) both forms work, I can login with them,
> > and when I view the source the CSRF token tag has put a hidden field
> > into my form.
> > However, when I'm on any other page - for example the front page
> > - the token tag just leaves a blank space and doesn't output anything,
> > but it doesn't give me an error message on loading the page - as it
> > would when I try to use a token tag that doesn't exist - such as {%
> > faketokentag %}. Of course, because the csrf token tag doesn't
> > create any output (in the HTML source generated) when the form is
> > submitted the CSRF error occurs.
> > I'm rendering all such pages with the generic view
> > direct_to_template , which, because it's a generic view, the
> > documentation suggests should just work with CSRF.
> > Does anyone have any suggestions?
>
> > Thank you,
> > Erik
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscribe@googlegroups.com<django-users%2Bunsubscribe@google groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment