That's because you have to use {% csrf_token %} instead of {{ ... }} in your template code. Confusing, perhaps, but I have encountered it several times myself.

Regards,
Menno

On 11/04/2010 11:10 AM, Erik Cederstrand wrote:
Hi,

I have a view that creates a login page. I use the @csrf_protect decorator on 
my view and {{csrf_token}} tag in the template, and the generated response 
contains the csrf token. The problem is that the token is printed as-is instead 
of being enclosed in a hidden element, as I understand it's supposed to. Any 
ideas why?


My view:

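from django.contrib.auth.forms import AuthenticationForm
from django.http import HttpResponse
from django.template import RequestContext, loader
from django.views.decorators.csrf import csrf_protect
[...]
@csrf_protect
def login(request):  # the view receives the request; the body below uses it
    t = loader.get_template('base/login.html')
    form = AuthenticationForm()
    # RequestContext makes csrf_token available to the template
    c = RequestContext(request, {
        'errormsg': errormsg,
        'form': form,
    })
    return HttpResponse(t.render(c))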


My template:

<form action="/login/" method="post">{{ csrf_token }}
<table>{{ form.as_table }}</table>
<p><input type="submit" value="Log ind" /></p>
</form>


The generated HTML is:

<form action="/login/" method="post">1a3130639851sd8f768b154ba4142d57c8
<table><tr><th><label for="id_username">Brugernavn:</label></th><td><input id="id_username" type="text" 
name="username" maxlength="30" /></td></tr>
<tr><th><label for="id_password">Adgangskode:</label></th><td><input type="password" name="password" 
id="id_password" /></td></tr></table>
<p><input type="submit" value="Log ind" /></p>
</form>


Thanks,
Erik
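
A check for the mix-up discussed in this thread, as an added example that is not part of the original messages or of Django itself: it scans template source for POST forms where {{ csrf_token }} appears as page text instead of inside a hidden csrfmiddlewaretoken field, or where no token is present at all. The function name audit_template and the finding labels are hypothetical, and the regex-based form matching is an approximation that assumes simple, non-nested forms.

```python
import re

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
POST_RE = re.compile(r"""method\s*=\s*["']?post\b""", re.I)
TAG_RE = re.compile(r"\{%\s*csrf_token\s*%\}")
VAR_RE = re.compile(r"\{\{\s*csrf_token\s*\}\}")
# A hand-written hidden field is the one place the bare variable is legitimate.
HIDDEN_RE = re.compile(
    r"""<input\b[^>]*name\s*=\s*["']csrfmiddlewaretoken["'][^>]*>""", re.I)


def audit_template(source):
    """Return (form_number, finding) for each POST form with a CSRF problem."""
    findings = []
    for number, match in enumerate(FORM_RE.finditer(source), 1):
        attrs, body = match.groups()
        if not POST_RE.search(attrs):
            continue  # only POST forms need the token
        has_tag = bool(TAG_RE.search(body))
        has_hidden = any(VAR_RE.search(h) for h in HIDDEN_RE.findall(body))
        outside_inputs = HIDDEN_RE.sub("", body)
        if VAR_RE.search(outside_inputs):
            # Token is printed as page text and never submitted with the form.
            findings.append((number, "bare-variable"))
        elif not (has_tag or has_hidden):
            findings.append((number, "missing-token"))
    return findings


# Constructed samples: the first is the template from the thread.
THREAD_TEMPLATE = """<form action="/login/" method="post">{{ csrf_token }}
<table>{{ form.as_table }}</table>
<p><input type="submit" value="Log ind" /></p>
</form>"""
FIXED_TEMPLATE = THREAD_TEMPLATE.replace("{{ csrf_token }}", "{% csrf_token %}")
MANUAL_TEMPLATE = THREAD_TEMPLATE.replace(
    "{{ csrf_token }}",
    '<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}" />')

if __name__ == "__main__":
    for name in ("THREAD_TEMPLATE", "FIXED_TEMPLATE", "MANUAL_TEMPLATE"):
        print(name, audit_template(globals()[name]))
```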
