Did you add the context_instance parameter in the render_to_reponse function call. It's needed for CSRF to work.
For example: return render_to_response('blog/index.html', {'posts': posts}, context_instance=RequestContext(req))
Regards,
Jonas.
Op 30-aug-2010, om 20:46 heeft Erik het volgende geschreven:
> Hi Django Users-
> I'm having trouble with the {% csrf_token %} tag.
> On my site I have a regular login view / page / url, which uses
> the django contrib registration app. I include the CSRF token in my
> login template and it works fine.
> I'd also like a little login box in the corner of every page,
> which will either show a login form or a "you're logged in!" message
> depending on whether the user is logged in. So, I wrote a little form
> into my base.html template that other templates inherit from; and I
> stuck the {% csrf_token %} tag in there as well.
> The part I don't understand is, if I load the login url in the
> browser ( mysite.com/login/ ) both forms work, I can login with them,
> and when I view the source the CSRF token tag has put a hidden field
> into my form.
> However, when I'm on any other page - for example the front page
> - the token tag just leaves a blank space and doesn't output anything,
> but it doesn't give me an error message on loading the page - as it
> would when I try to use a token tag that doesn't exist - such as {%
> faketokentag %}. Of course, because the csrf token tag doesn't
> create any output (in the HTML source generated) when the form is
> submitted the CSRF error occurs.
> I'm rendering all such pages with the generic view
> direct_to_template , which, because it's a generic view, the
> documentation suggests should just work with CSRF.
> Does anyone have any suggestions?
>
> Thank you,
> Erik
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
Met vriendelijke groeten,
Jonas Geiregat
jonas@geiregat.org
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment