The "security_hash" field that you see is part of the comments app, and is not the CSRF token. That needs to be output by a {% csrf_token %} tag (or its equivalent). If it's working, you should see another hidden input field, which looks like this:<div style="display:none"><input type="hidden" name="csrfmiddlewaretoken" value="36d43c1652d5676d6d411950e077ee aa1cc1f799"/> </div>The comments app normally does that automatically -- it's part of django/contrib/comments/templates/form.html -- Are you overriding the comment form in your own app? If so, you need to include the call to {% csrf_token %} yourself.
I am not overriding, at least not deliberately.
django/contrib/comments/templates/form.html has:
{% load comments i18n %}
<form action="{% comment_form_target %}" method="post">{% csrf_token %}
I render my form with:
{% render_comment_form for entry %}
---------------
I should note it did work when I first added it to the application. It broke after I added pybbm. I've since removed pybbm (it is maintained and broken), but comments
started getting csrf errors.
-- You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/pykynQInFVUJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment