Hi,
I have a view that creates a login page. I use the @csrf_protect decorator on
my view and {{csrf_token}} tag in the template, and the generated response
contains the csrf token. The problem is that the token is printed as-is instead
of being enclosed i a hidden element, as I understand it's supposed to. Any
ideas why?
My view:
from django.contrib.auth.forms import AuthenticationForm
from django.template import RequestContext, loader
[...]
@csrf_protect
def login(response):
t = loader.get_template('base/login.html')
form = AuthenticationForm()
c = RequestContext(request, {
'errormsg': errormsg,
'form': form,
})
return HttpResponse(t.render(c))
My template:
<form action="/login/" method="post">{{ csrf_token }}
<table>{{ form.as_table }}</table>
<p><input type="submit" value="Log ind" /></p>
</form>
The generated HTML is:
<form action="/login/" method="post">1a3130639851sd8f768b154ba4142d57c8
<table><tr><th><label for="id_username">Brugernavn:</label></th><td><input
id="id_username" type="text" name="username" maxlength="30" /></td></tr>
<tr><th><label for="id_password">Adgangskode:</label></th><td><input
type="password" name="password" id="id_password" /></td></tr></table>
<p><input type="submit" value="Log ind" /></p>
</form>
Thanks,
Erik
smime.p7s
Description: S/MIME cryptographic signature
