On Thu, Jun 28, 2012 at 9:14 AM, brycenesbitt <digitalbitstr...@gmail.com>
 wrote:

> I'm using django.contrib.comments and get 'CSRF token missing or
> incorrect.' when previewing or submitting a comment.  I have:

...



> The HTML looks like it has the csrf security_hash in the proper place:
> <form action="/comments/post/" method="post">
> <div><input type="hidden" name="object_pk" value="28" id="id_object_pk" /></div>
> <div><input type="hidden" name="timestamp" value="1340899354" id="id_timestamp" /></div>
> <div><input type="hidden" name="security_hash" value="6e85e1c846861c80575ce435b21a855706725b00" id="id_security_hash" /></div>
> ...



The "security_hash" field that you see is part of the comments app, and is
not the CSRF token. That needs to be output by a {% csrf_token %} tag (or
its equivalent). If it's working, you should see another hidden input
field, which looks like this:

<div style="display:none">
    <input type="hidden" name="csrfmiddlewaretoken" value="36d43c1652d5676d6d411950e077eeaa1cc1f799"/>
</div>

The comments app normally does that automatically -- it's part of
django/contrib/comments/templates/form.html -- are you overriding the
comment form in your own app? If so, you need to include the call to
{% csrf_token %} yourself.

> @csrf_protect  #does not matter if this is here or not

No, if you have the CSRFViewMiddleware installed, then you don't need this
line at all.

-- 
Regards,
Ian Clelland
<clell...@gmail.com>
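
The check described in the reply above, as an added example (not part of the original thread and not Django's own code): it parses rendered HTML and flags POST forms that have no non-empty csrfmiddlewaretoken hidden input, so a security_hash field alone does not pass. The helper names and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

CSRF_FIELD = "csrfmiddlewaretoken"  # hidden input name shown in the reply above


class FormAudit(HTMLParser):
    """Record, per <form>, its action, method and non-empty hidden input names."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "hidden": set()}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            is_hidden = (a.get("type") or "").lower() == "hidden"
            if is_hidden and (a.get("value") or "").strip():
                self._current["hidden"].add(a.get("name"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_csrf(html):
    """Return the actions of POST forms lacking a non-empty CSRF token input."""
    audit = FormAudit()
    audit.feed(html)
    return [f["action"] for f in audit.forms
            if f["method"] == "post" and CSRF_FIELD not in f["hidden"]]


# Constructed sample markup: an overridden comment form without the token,
# and the same form with the hidden input that {% csrf_token %} renders.
OVERRIDDEN = """<form action="/comments/post/" method="post">
<div><input type="hidden" name="security_hash" value="constructed-hash" /></div>
</form>"""
DEFAULT = OVERRIDDEN.replace("</form>", """<div style="display:none">
<input type="hidden" name="csrfmiddlewaretoken" value="constructed-token"/>
</div></form>""")

if __name__ == "__main__":
    print(forms_missing_csrf(OVERRIDDEN))  # form with security_hash only
    print(forms_missing_csrf(DEFAULT))     # form that also carries the token
```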