Thursday, June 28, 2012

'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

I'm using django.contrib.comments and get 'CSRF token missing or incorrect.' when previewing or submitting a comment.  I have:


url(r'^comments/',              include('django.contrib.comments.urls')),
url(r'^entry/(?P<pk>\d+)/comment',      'rp2.views.entry_comment_add'),

@csrf_protect  #does not matter if this is here or not
def entry_comment_add(request, pk):
    entry = models.Entry.objects.get(pk=pk)
    assert isinstance(entry, models.Entry)
    return render(request, 'entry_comment_popup.html', {'entry':entry})

{% extends 'head-plain.html' %}
<!-- entry_comment_popup.html -->
{% load comments %}
{% block content %}
{% render_comment_form for entry %}
{% endblock %}

The HTML looks like it has the csrf security_hash in the proper place:

<form action="/comments/post/" method="post">        <div><input type="hidden" name="object_pk" value="28" id="id_object_pk" /></div>        <div><input type="hidden" name="timestamp" value="1340899354" id="id_timestamp" /></div>        <div><input type="hidden" name="security_hash" value="6e85e1c846861c80575ce435b21a855706725b00" id="id_security_hash" /></div>

You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at

No comments:

Post a Comment