Re: Problem with csrf
I'm not sure it absolutely needs fixing. There may be times that you don't need to use an HttpRequest but may need csrf protection in a view. Maybe? I don't know, but at least maybe under step 3.1 they should make the first word RequestContext a link to https://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext for people working off the docs like you did. On Wednesday, June 12, 2013 9:03:55 PM UTC-4, Nick Dokos wrote: > > MattDale > writes: > > > You are correct in assuming that your first view using > > render_to_response shouldn't work without sending a RequestContext in. > > > A much cleaner way is just to use the render function. > > https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render > > which takes a lot of typing out of the typical render_to_response with > > RequestContext. > > > > OK - thanks! I tried the render() approach and it works fine. I'll be > using that one. > > There is still the question of whether the doc needs fixing. I take it > you are saying that it does? > -- > Nick > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Problem with csrf
MattDale writes: > You are correct in assuming that your first view using > render_to_response shouldn't work without sending a RequestContext in. > A much cleaner way is just to use the render function. > https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render > which takes a lot of typing out of the typical render_to_response with > RequestContext. > OK - thanks! I tried the render() approach and it works fine. I'll be using that one. There is still the question of whether the doc needs fixing. I take it you are saying that it does? -- Nick -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Re: Problem with csrf
You are correct in assuming that your first view using render_to_response
shouldn't work without sending a RequestContext in.
A much cleaner way is just to use the render function.
https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render
which takes a lot of typing out of the typical render_to_response with
RequestContext.
On Wednesday, June 12, 2013 8:23:40 PM UTC-4, Nick Dokos wrote:
>
> I have a simple application and it DTRT before turning on CSRF
> (this is on Django 1.5.1). So I tried to follow the documentation
> to turn on CSRF detection and was getting intro trouble.
>
> First I tried to follow this page:
>
>https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/
>
> I did steps 1 and 2 (uncommenting the csrf middleware in
> MIDDLEWARE_CLASSES and adding {% csrf_token %} to my (one and only)
> POST form) and then tried step 3.2:
>
> --8<---cut here---start->8---
> from django.core.context_processors import csrf
> from django.shortcuts import render_to_response
>
> def my_view(request):
> c = {}
> c.update(csrf(request))
> # ... view code here
> return render_to_response("a_template.html", c)
> --8<---cut here---end--->8---
>
> where I added my dictionary entries to c before passing it to
> render_to_response.
>
> That did not work - the development server said:
>
> ,
> |
> /usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py:58:
> | UserWarning: A {% csrf_token %} was used in a template, but the context
> | did not provide the value. This is usually caused by not using
> | RequestContext.
> |
> | warnings.warn("A {% csrf_token %} was used in a template, but the
> | context did not provide the value. This is usually caused by not
> | using RequestContext.")
> `
>
> I tried step 3.2, instead of step 3.1, because the page above did not
> contain enough detail for me to figure out how to use RequestContext and
> I was too lazy to type it into the search box: I was suitably punished
> for my laziness.
>
> I finally found a different page that described how to use RequestContext:
>
>
> https://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext
>
>
> with the following code fragment:
>
> --8<---cut here---start->8---
> from django.shortcuts import render_to_response
> from django.template import RequestContext
>
> def some_view(request):
> # ...
> return render_to_response('my_template.html',
> my_data_dictionary,
> context_instance=RequestContext(request))
> --8<---cut here---end--->8---
>
> I adapted it for my purposes and things are working fine.
>
> The question is: is the first method supposed to work? If so, what am
> I doing wrong? If not, it should be taken out of the documentation.
>
> Also, can a link be added in the first page to get to the second page
> easily?
>
> Thanks!
> --
> Nick
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Problem with csrf
I have a simple application and it DTRT before turning on CSRF
(this is on Django 1.5.1). So I tried to follow the documentation
to turn on CSRF detection and was getting intro trouble.
First I tried to follow this page:
https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/
I did steps 1 and 2 (uncommenting the csrf middleware in
MIDDLEWARE_CLASSES and adding {% csrf_token %} to my (one and only)
POST form) and then tried step 3.2:
--8<---cut here---start->8---
from django.core.context_processors import csrf
from django.shortcuts import render_to_response
def my_view(request):
c = {}
c.update(csrf(request))
# ... view code here
return render_to_response("a_template.html", c)
--8<---cut here---end--->8---
where I added my dictionary entries to c before passing it to
render_to_response.
That did not work - the development server said:
,
| /usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py:58:
| UserWarning: A {% csrf_token %} was used in a template, but the context
| did not provide the value. This is usually caused by not using
| RequestContext.
|
| warnings.warn("A {% csrf_token %} was used in a template, but the
| context did not provide the value. This is usually caused by not
| using RequestContext.")
`
I tried step 3.2, instead of step 3.1, because the page above did not
contain enough detail for me to figure out how to use RequestContext and
I was too lazy to type it into the search box: I was suitably punished
for my laziness.
I finally found a different page that described how to use RequestContext:
https://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext
with the following code fragment:
--8<---cut here---start->8---
from django.shortcuts import render_to_response
from django.template import RequestContext
def some_view(request):
# ...
return render_to_response('my_template.html',
my_data_dictionary,
context_instance=RequestContext(request))
--8<---cut here---end--->8---
I adapted it for my purposes and things are working fine.
The question is: is the first method supposed to work? If so, what am
I doing wrong? If not, it should be taken out of the documentation.
Also, can a link be added in the first page to get to the second page
easily?
Thanks!
--
Nick
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
