Comments in several places inline below:
> Thanks for the response... I opened the *rendered* source page in Mozilla
> and couldn't find the csrf_token even though I had already added the { %
> csrf_token %} . Something seems wrong. Any suggestions moving forward ?
>
>
You should be seeing a hidden element after your opening <form> tag that
replaces the {% csrf_token %} that looks something like this:
<input name="csrfmiddlewaretoken" value="Pm1X5O8teUDDU6WCzjP13fBzlrcoLLXZ"
type="hidden">
If you aren't seeing that, chances are your form submission is not going to
work since the CSRF token isn't being generated properly.
On Sat, Sep 12, 2015 at 12:56 AM, James Schneider <jrschneide...@gmail.com>
> wrote:
>
>> In the rendered version sent to the browser, are you able to validate
>> that the CSRF token is actually being created and inserted as a hidden
>> element in your form?
>>
>> Also, it doesn't look like any of your buttons are marked as type=submit.
>> Not sure if that matters when submitting via JS though.
>>
>> -James
>> On Sep 11, 2015 7:56 PM, "Kevin Anyanwu" <kanya...@fonality.com> wrote:
>>
>>> Can anyone help ?
>>>
>>> On Thu, Sep 10, 2015 at 8:34 PM, Kevin Anyanwu <kanya...@fonality.com>
>>> wrote:
>>>
>>>> base_1.html
>>>>
>>>>
>>> <!DOCTYPE html>
>>>> <html lang="en">
>>>> <head>
>>>> <meta http-equiv="content-type" content="text/html; charset=UTF-8">
>>>> <meta charset="utf-8">
>>>> <title>goals</title>
>>>> <meta name="generator" content="Bootply" />
>>>> <meta name="viewport" content="width=device-width, initial-scale=1,
>>>> maximum-scale=1">
>>>>
>>>> <!--[if lt IE 9]>
>>>> <script src="//html5shim.googlecode.com/svn/trunk/html5.js
>>>> "></script>
>>>> <![endif]-->
>>>> <!-- Custom CSS -->
>>>> <link href="../../static/css/app.css" rel="stylesheet">
>>>>
>>>> </head>
>>>> <body>
>>>>
>>>> <div id="menu" class="default">
>>>> <ul>
>>>> <li><a href="#">Cirriculmn</a></li>
>>>> <li><a href="#">Notes</a></li>
>>>> <li><a href="#">Collaborte</a></li>
>>>> </div>
>>>>
>>>>
>>>> <!-- script references -->
>>>> <script type="text/javascript" src="jquery.min.js"
>>>> charset="utf-8"></script>
>>>> <script src="//
>>>> ajax.googleapis.com/ajax/libs/jquery/2.0.2/jquery.min.js"></script>
>>>> <script src="../../static/assets/js/bootstrap.min.js"></script>
>>>> <script src="../../static/assets/js/menubar.js"></script>
>>>> </body>
>>>> </html>
>>>>
>>>> On Thu, Sep 10, 2015 at 8:49 AM, monoBOT <monobot.s...@gmail.com>
>>>> wrote:
>>>>
>>>>> show us the base_1.html
>>>>>
>>>>>
Are you sure that base_1.html template is correct? There is no reference to
a <form> anywhere in that template. There's also no obvious reference to
any JS files that would run the submit function that you are talking about.
Are you inserting the form via JS? If so, you'll need to manually populate
the CSRF hidden input and/or include the CSRF token in your AJAX response
headers. Django won't do this for you unless you specifically write a view
to generate the HTML on the server side and send it as a response to an
AJAX request, which doesn't appear to be the case.
> 2015-09-10 16:18 GMT+01:00 <kanya...@fonality.com>:
>>>>>
>>>>>> By the way, I am using Django 1.8.3 (final)
>>>>>>
>>>>>>
>>>>>> On Thursday, September 10, 2015 at 8:16:11 AM UTC-7,
>>>>>> kany...@fonality.com wrote:
>>>>>>>
>>>>>>> First of all I have done my research and found no reasonable
>>>>>>> explanation for my issue. I have a site on heroku that works fine on the
>>>>>>> first page, but when I click a button that I have programmed to go to
>>>>>>> another page, I obtain the infamous CSRF error. The reason for this
>>>>>>> error
>>>>>>> is CSRF cookie is not set. Here is a description of the background work
>>>>>>> done on the dev side:
>>>>>>>
>>>>>>> 1. Settings.py
>>>>>>>
>>>>>>> MIDDLEWARE_CLASSES = (
>>>>>>> 'django.contrib.sessions.middleware.SessionMiddleware',
>>>>>>> 'django.middleware.common.CommonMiddleware',
>>>>>>> 'django.middleware.csrf.CsrfViewMiddleware',
>>>>>>> 'django.contrib.auth.middleware.AuthenticationMiddleware',
>>>>>>> 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
>>>>>>> 'django.contrib.messages.middleware.MessageMiddleware',
>>>>>>> 'django.middleware.clickjacking.XFrameOptionsMiddleware',
>>>>>>> #'django.middleware.security.SecurityMiddleware',
>>>>>>> 'django.middleware.csrf.CsrfViewMiddleware',
>>>>>>> )
>>>>>>>
>>>>>>
One other thing I noticed is that you
have 'django.middleware.csrf.CsrfViewMiddleware' defined twice in
MIDDLEWARE_CLASSES. Not sure if that is related, but you should remove the
bottom entry anyway.
>
>>>>>>> 2. base.py
>>>>>>>
>>>>>>> <form class="col-lg-12" method = "post" id="loginform" action=
>>>>>>> "/menu/">
>>>>>>> {% csrf_token %}
>>>>>>>
>>>>>>> <div class="input-group" style="width:
>>>>>>> 65%;0px;text-align:center;margin:0 auto;">
>>>>>>> <input class="form-control input-lg" title="Don't worry.
>>>>>>> We hate spam, and will not share your email with anyone."
>>>>>>> placeholder="Email address" type="text">
>>>>>>> </div>
>>>>>>> <br>
>>>>>>> <div class="input-group" style="width:
>>>>>>> 65%;0px;text-align:center;margin:0 auto;">
>>>>>>> <input class="form-control input-lg" title="Don't
>>>>>>> worry. We hate spam, and will not share your email with anyone."
>>>>>>> placeholder="Password" type="text">
>>>>>>> </div>
>>>>>>> <br>
>>>>>>> <br>
>>>>>>>
>>>>>>> <button class="btn btn-lg btn-primary" style = "width:
>>>>>>> 100px" type="button" onClick ="logIn();">Log In</button>
>>>>>>>
>>>>>>> <br><br>
>>>>>>>
>>>>>>> </form>
>>>>>>>
>>>>>>
Where exactly is base.py used? None of your other code that you've posted
references it. You'll need to make sure that you are invoking the template
engine using RequestContext if you want the {% csrf_token %} tag to work.
Also, base.py appears to be entirely made up of HTML?? Did you mean
base.html here?
>
>>>>>>> 3. views.py
>>>>>>>
>>>>>>> def menu(request):
>>>>>>>
>>>>>>> return render_to_response('home/base_1.html', context_instance =
>>>>>>> RequestContext(request, {}) )
>>>>>>>
>>>>>>>
Is there another view in play? This view uses base_1.html, but as I
mentioned earlier, base_1.html doesn't have any form references. It also
won't do anything with the data submitted in the form.
> 4. javascript for the function logIn() that is executed when the button is
>>>>>>> clicked from (2)
>>>>>>>
>>>>>>>
>>>>>>> function logIn ()
>>>>>>> {
>>>>>>> alert('Form has been submitted');
>>>>>>> document.getElementById('loginform').submit();
>>>>>>> }
>>>>>>>
>>>>>>
I think this will work, but as an end-user, I despise any site that makes
use of alert(). Just sayin'...
>>>>>>>
>>>>>>
>>>>>>> I am seriously bewildered and cannot understand why the base_1.html
>>>>>>> site is not being rendered and I am getting this CSRF error ! Please
>>>>>>> help
>>>>>>> me,
>>>>>>>
>>>>>>
So am I. Can you post the urls.py, views.py, forms.py, models.py, and
related templates for the form page? That is likely where your problem lies
(since the issue appears to be related to submitting the form, so the
landing page can be taken out of the equation for now).
Also, this page may be a good reference for CSRF issues if you haven't seen
it already: https://docs.djangoproject.com/en/1.8/ref/csrf/
-James
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CA%2Be%2BciUjrApK1%2BX2%3DaWVw4QRRnwJCssyiz9s%3DhDqoMgESGquAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
