I apologize for not responding sooner!
This line:
return render_to_response('about.html',
context_instance=RequestContext(request))
helped immensely! so in order for the render response method to work it has
to have some sort of data/context of data passed along with it? I'm still
trying to think about that.
Also if I add:
<form action="." method="post">{% csrf_token %}
the csrf token right after my form it seems to work like a charm!
I've actually started a new thread under: Form 'POST' to a
database<https://groups.google.com/forum/?fromgroups#!topic/django-users/0VOftONfdW0>
because I'm trying to understand exactly how once the html form using POST
is submitted how that propagates through and into my database.
I think that's the real issue here. This CSRF issue really not that
important currently because it's just a security/setting issue. It just
protects againist the issue of data not coming from the context of the
request and from elsewhere on the internet! Not good but not a major
priority for me right now.
Thanks,
JJ
On Tuesday, July 10, 2012 2:36:17 AM UTC-4, Sergey Fursov wrote:
>
> as described in error message your view function have to use
> RequestContext<http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext>
> for
> the template, instead of Context.
> your view should looks like
>
> def about(request):
> if request.method == 'POST':
> return HttpResponseRedirect('/about/')
> elif request.method == 'GET':
> return render_to_response('about.html',
> context_instance=RequestContext(request))
> else:
> raise Http404()
>
> note that you redirect (HttpResponseRedirect) to url, but
> render (render_to_response) template with context
>
> also I changed action for form in tempalte to /about/ to handle POST and
> GET requests in same view
>
> hope this helps
>
> 2012/7/10 JJ Zolper <[email protected]>
>
>> Here is the error I received with debug set to true for Django:
>>
>> Forbidden (403)
>>
>> CSRF verification failed. Request aborted.
>> Help
>>
>> Reason given for failure:
>>
>> CSRF token missing or incorrect.
>>
>>
>> In general, this can occur when there is a genuine Cross Site Request
>> Forgery, or when Django's CSRF
>> mechanism<http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf>
>> has
>> not been used correctly. For POST forms, you need to ensure:
>>
>> - The view function uses
>> RequestContext<http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext>
>> for
>> the template, instead of Context.
>> - In the template, there is a {% csrf_token %} template tag inside
>> each POST form that targets an internal URL.
>> - If you are not using CsrfViewMiddleware, then you must use
>> csrf_protect on any views that use the csrf_token template tag, as
>> well as those that accept the POST data.
>>
>> You're seeing the help section of this page because you have DEBUG = True in
>> your Django settings file. Change that to False, and only the initial
>> error message will be displayed.
>>
>> You can customize this page using the CSRF_FAILURE_VIEW setting.
>>
>>
>> I'm wondering if this is caused because I don't have a redirect page for
>> my 'POST' HTML submit.
>>
>> Now my code...
>>
>> URLCONF:
>>
>> from django.conf.urls.defaults import patterns, include, url
>>
>> from MadTrak.manageabout.views import about, about_form
>>
>>
>> # Uncomment the next two lines to enable the admin:
>>
>> from django.contrib import admin
>>
>> admin.autodiscover()
>>
>>
>> urlpatterns = patterns('',
>>
>>
>> (r'^about_form/', about_form),
>>
>> (r'^about/', about),
>>
>>
>> # Examples:
>>
>> # url(r'^$', 'MadTrak.views.home', name='home'),
>>
>> # url(r'^MadTrak/', include('MadTrak.foo.urls')),
>>
>>
>> ## url(r'^$', 'MadTrak.views.home', name='home'), with a view named home
>>
>> ## url(r'^listen/', 'MadTrak.views.home', name='home'), with a view named
>> home
>>
>> ## url(r'^home/', 'MadTrak.views.home', name='home'), with a view named
>> home
>>
>>
>> # Uncomment the admin/doc line below to enable admin documentation:
>>
>> # url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
>>
>>
>> # Uncomment the next line to enable the admin:
>>
>> url(r'^admin/', include(admin.site.urls)),
>>
>> )
>>
>>
>> views.py in my manageabout app:
>>
>> from django.http import HttpResponseRedirect
>>
>> from django.shortcuts import render_to_response
>>
>> from MadTrak.manageabout.models import AboutMadtrak
>>
>>
>> def about_form(request):
>>
>> return render_to_response('about_form.html')
>>
>>
>> def about(request):
>>
>> if request.method == 'POST':
>>
>> # do_something_for_post()
>>
>> return HttpResponseRedirect('about.html')
>>
>> elif request.method == 'GET':
>>
>> return render_to_response('/')
>>
>> else:
>>
>> raise Http404()
>>
>>
>> model where i tried to set up my database to recieve the information
>> posted:
>>
>> from django.db import models
>>
>>
>> class AboutMadtrak(models.Model):
>>
>> name = models.CharField(max_length=30)
>>
>> title = models.CharField(max_length=60)
>>
>> bio = models.CharField(max_length=200)
>>
>> website = models.URLField()
>>
>>
>> def __unicode__(self):
>>
>> return self.nam
>>
>>
>> my template for the about form submission:
>>
>>
>> <html>
>>
>> <title>About-Form</title>
>>
>> <head>
>>
>>
>> </head>
>>
>> <body>
>>
>>
>> MadTrak About Page, Yo!
>>
>>
>> <p></p>
>>
>>
>> <form action="/about_form/" method="post">
>>
>> {% csrf_token %}
>>
>> <p>Name: <input type="text" name="name" value=""></p>
>>
>> <p>Title: <input type="text" name="title" value=""></p>
>>
>> <p>Bio: <textarea name="bio" rows="10" cols="50"></textarea></p>
>>
>> <p>Website: <input type="text" name="website" value=""></p>
>>
>> <input type="submit" value="Submit">
>>
>> </form>
>>
>>
>> </body>
>>
>> </html>
>>
>>
>>
>> In conclusion I am fairly new to even 'POST' and 'GET' operations so I
>> apologize haha. Anyways, I see the CSRF error and I was confused because i
>> recall that having to do with security? An open operation from submission
>> to a redirect page? I'm not sure.
>>
>> All I wanted to accomplish was to be able to post the data in that
>> template and see the result in my in my MadTrak database. That's it. Just
>> see the data as an item in my database. Any help is welcomed as I try to
>> iron this out!
>>
>> Cheers to all the Django developers out there!
>>
>> JJ Zolper
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-users/-/DChOPlS2aAsJ.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/hihBHIXzQ6EJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
