CSRF Token missing or incorrect

Beginner at Django here, I've been trying to fix this for a long time now. I do have 'django.middleware.csrf.CsrfViewMiddleware' in my middleware classes and I do have the token in my post form.

Here's my code, what am I doing wrong?

    from django.contrib.auth.forms import UserCreationForm
    from django.shortcuts import render_to_response
    from django.http import HttpResponseRedirect
    from chartsey.authentication.forms import RegistrationForm
    from django.template import RequestContext
    from django.core.context_processors import csrf

    def register(request):

        if request.method == 'POST':
            c = RequestContext(request.POST, {})
            form = RegistrationForm(c)
            if form.is_valid():
                new_user = form.save()
                return HttpResponseRedirect("/")
        else:
            form = RegistrationForm()

        return render_to_response("register.html",  {'form': form,  }, )

Here's my Template:

    {% block content %}

        <h1>Register</h1>
        <form action="" method="POST"> {% csrf_token %}
            {{ form.as_p }}
        <input type="submit" value="Submit">
        </form>

    {% endblock %}
aroooo asked Nov 11 '11 03:11


2 Answers

Update: This answer is from 2011. CSRF is easy today.

These days you should be using the render shortcut function return render(request, 'template.html') which uses RequestContext automatically so the advice below is outdated by 8 years.

  1. Use render https://docs.djangoproject.com/en/2.2/topics/http/shortcuts/
  2. Add CSRF middleware https://docs.djangoproject.com/en/2.2/ref/csrf/
  3. Use the {% csrf_token %} template tag
  4. Confirm you see the CSRF token value being generated, AND submitted in your form request

Original Response

My guess is that you have the tag in the template but it's not rendering anything (or did you mean you confirmed in the actual HTML that a CSRF token is being generated?)

Either use RequestContext instead of a dictionary

    render_to_response("foo.html", RequestContext(request, {}))

Or make sure you have django.core.context_processors.csrf in your CONTEXT_PROCESSORS setting.

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

Or add the token to your context manually

Yuji 'Tomita' Tomita answered Oct 27 '22 12:10
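
Step 4 of the answer above (confirm the token is actually generated in the form) can be checked mechanically on the rendered HTML. This is an added example, not code from the question or from either answer; the class and function names and the sample HTML are constructed for illustration, and csrfmiddlewaretoken is the name of the hidden input that Django's {% csrf_token %} tag emits.

```python
from html.parser import HTMLParser

# Name of the hidden input that Django's {% csrf_token %} tag renders.
CSRF_FIELD = "csrfmiddlewaretoken"


class PostFormAudit(HTMLParser):
    """Record each POST form and the CSRF token value found inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []       # one dict per POST form, in document order
        self._current = None  # the POST form currently open, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = None
            if (attrs.get("method") or "get").lower() == "post":
                self._current = {"line": self.getpos()[0], "token": ""}
                self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if attrs.get("name") == CSRF_FIELD:
                self._current["token"] = attrs.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def forms_missing_token(html):
    """Return the line number of every POST form lacking a non-empty token."""
    audit = PostFormAudit()
    audit.feed(html)
    return [form["line"] for form in audit.forms if not form["token"]]


# Constructed samples of the question's template as rendered HTML: without the
# token ({% csrf_token %} emitted nothing) and with it (placeholder value).
WITHOUT_TOKEN = """<h1>Register</h1>
<form action="" method="POST">
  <p><input type="text" name="username"></p>
  <input type="submit" value="Submit">
</form>"""
WITH_TOKEN = WITHOUT_TOKEN.replace(
    '<p>', '<input type="hidden" name="csrfmiddlewaretoken" value="PLACEHOLDER"><p>', 1)

if __name__ == "__main__":
    print(forms_missing_token(WITHOUT_TOKEN), forms_missing_token(WITH_TOKEN))
```

Feeding it the HTML a view actually returns shows whether the tag rendered; a form reported here will be rejected by CsrfViewMiddleware on submit.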


Just add this to your views

    return render_to_response("register.html", {'form': form, }, context_instance=RequestContext(request))

It will work!!

Njogu Mbau answered Oct 27 '22 13:10