MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
)
url(r'^comments/', include('django.contrib.comments.urls')),
url(r'^entry/(?P<pk>\d+)/comment', 'rp2.views.entry_comment_add'),
@csrf_protect #does not matter if this is here or not
def entry_comment_add(request, pk):
entry = models.Entry.objects.get(pk=pk)
assert isinstance(entry, models.Entry)
return render(request, 'entry_comment_popup.html', {'entry':entry})
{% extends 'head-plain.html' %}
<!-- entry_comment_popup.html -->
{% load comments %}
{% block content %}
{% render_comment_form for entry %}
{% endblock %}
The HTML looks like it has the csrf security_hash in the proper place:
<form action="/comments/post/" method="post"> <div><input type="hidden" name="object_pk" value="28" id="id_object_pk" /></div> <div><input type="hidden" name="timestamp" value="1340899354" id="id_timestamp" /></div> <div><input type="hidden" name="security_hash" value="6e85e1c846861c80575ce435b21a855706725b00" id="id_security_hash" /></div>
...
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/TDG0eAHHlkkJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment