I am getting the CSRF failure in Django and no articles are working. It says it's used for posts like I remember, and it is included in the form, but not in a form tag.
settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
login.html
{% extends 'base.html' %}
{% block body_block %}
<h1>Login</h1>
<form id="login_form" method="post" action="{% url 'accounts:login' %}">
{% csrf_token %}
<div class="input-group input-group-md">
<span class="input-group-addon">Username</span>
<input type="text"class="form-control" placeholder="Username" aria-describedby="basic-addon2" name="username" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<span class="input-group-addon">Password</span>
<input class="form-control" placeholder="Password" aria-describedby="basic-addon2" type="password" name="password" value="" size="50" />
</div>
<br>
<div class="input-group input-group-md">
<input class="btn btn-default navbar-btn" type="submit" value="Submit" />
</div>
</form>
<br /><br />
<a style="font-size:22px;" href="/accounts/register/">Need to make a new account?</a>
{% endblock %}
{% block buttons %}
{% endblock %}
views.py:
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', locals(), context)
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', locals(), context)
Why is this csrf token not working?
-
1Which version of django you are using??Prakhar Trivedi– Prakhar Trivedi2017年02月01日 06:00:24 +00:00Commented Feb 1, 2017 at 6:00
1 Answer 1
You need to use RequestContext with parameter context_instance like this :
def user_login(request):
context = RequestContext(request)
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return redirect('bookmarks:silo')
else:
return HttpResponse("Your Sitename account is disabled.")
else:
return render_to_response('accounts/login.html', context_instance = context, locals(), )
else:
template_name = 'accounts/login.html'
return render_to_response('accounts/login.html', context_instance = context, locals(), context)
One more thing, context_instance is deprecated since Django 1.8. You can just use :
return render(request,'accounts/login.html', locals())
answered Feb 1, 2017 at 5:56
Prakhar Trivedi
8,5563 gold badges30 silver badges36 bronze badges
Sign up to request clarification or add additional context in comments.
Comments
lang-py