Hi, I have a view that creates a login page. I use the @csrf_protect decorator on my view and {{csrf_token}} tag in the template, and the generated response contains the csrf token. The problem is that the token is printed as-is instead of being enclosed i a hidden element, as I understand it's supposed to. Any ideas why?
My view: from django.contrib.auth.forms import AuthenticationForm from django.template import RequestContext, loader [...] @csrf_protect def login(response): t = loader.get_template('base/login.html') form = AuthenticationForm() c = RequestContext(request, { 'errormsg': errormsg, 'form': form, }) return HttpResponse(t.render(c)) My template: <form action="/login/" method="post">{{ csrf_token }} <table>{{ form.as_table }}</table> <p><input type="submit" value="Log ind" /></p> </form> The generated HTML is: <form action="/login/" method="post">1a3130639851sd8f768b154ba4142d57c8 <table><tr><th><label for="id_username">Brugernavn:</label></th><td><input id="id_username" type="text" name="username" maxlength="30" /></td></tr> <tr><th><label for="id_password">Adgangskode:</label></th><td><input type="password" name="password" id="id_password" /></td></tr></table> <p><input type="submit" value="Log ind" /></p> </form> Thanks, Erik
smime.p7s
Description: S/MIME cryptographic signature