On Fri, Jun 25, 2010 at 10:48 AM, Li Hui <l...@garena.com> wrote: > When I add enctype="text/plain" to a post form like <form action="/ > auth" > method="post" enctype="text/plain">, there is a "CSRF verification > failed." error. > But when I remove it, all is right. > Who can tell me why? >
Because that is not how HTML user agents work. The post parameters are not encoded in a format that the server can understand, and so there is no CSRF token found, hence the error. http://www.w3.org/TR/html401/interact/forms.html#h-17.3 Use either "application/x-www-form-urlencoded", which is the default value if you omit enctype. Use "multipart/form-data" if you have file inputs in your form. Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.