Hey, I've also struggled with CSRF for a while. Maybe I can give you some guidance.
> you need to ensure: > > •The view function uses RequestContext for the template, instead of > Context. > •In the template, there is a {% csrf_token %} template tag inside each > POST form that targets an internal URL. > •If you are not using CsrfViewMiddleware, then you must use > csrf_protect on any views that use the csrf_token template tag, as > well as those that accept the POST data. > You're seeing the help section of this page because you have DEBUG = > True in your Django settings file. Change that to False, and only the > initial error message will be displayed. > Have you checked each item mentioned by the error report ? > > <form action="/polls/uploadfile/" method="POST" enctype="multipart/ > form-data"> Add {% crsf_token %} directly after the opening form tag. > > return render_to_response('polls/uploadfile.html', {'form': > form}) > You must always a ContextRequest like this: from django.template import RequestContext return render_to_response('polls/uploadfile.html', {'form':form}, context_instance=RequestContext(your_request_var)) If you are still stuck I can advise you to read the following article: http://andrew.io/weblog/2010/01/django-piston-and-handling-csrf-tokens Good luck! -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.