I'm new to Django and I'm still trying to get to grips with its features. I've created very simple project with Django 1.4.2 which has index page with simple form where you enter something and results page where your input is displayed after submission (the code is below).
After submission, I get error 403 and the following message:
A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext. warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.")
index.html
<!DOCTYPE html>
<head>
<title>Index page</title>
</head>
<body>
<div id="header">Welcome to index page</div>
<div id="content">
<p>Enter your name</p>
<form action="/result/" method="post" accept-charset="utf-8">{% csrf_token %}
<input type="text" name="answer">
<input type="submit" value="Send!">
</form>
</div>
</body>
result.html
<!DOCTYPE html>
<head>
<title>Result page</title>
</head>
<body>
<div id="header">Here is the result</div>
<div id="content">
<p>Your name is: {{ answer }}</p>
</div>
</body>
views.py
from django.http import HttpResponse
from django.shortcuts import render_to_response
from django.template import RequestContext
def index(request):
return render_to_response('index.html')
def result(request):
p = request.POST['answer']
return render_to_response('result.html', {'answer': p}, context_instance=RequestContext(request))
I've looked into documentation and various examples on the Internet, but I don't understand what I'm doing wrong. If I disable django.middleware.csrf.CsrfViewMiddleware in settings.py, I get exactly what I want, but that's not the answer I'm looking for.
I appreciate help from more experienced Django ninjas :-)
Django has a {% csrf_token %} tag that is implemented to avoid malicious attacks. It generates a token on the server-side when rendering the page and makes sure to cross-check this token for any requests coming back in. If the incoming requests do not contain the token, they are not executed.
Django features a percent csrf token percent tag that is used to prevent malicious attacks. When generating the page on the server, it generates a token and ensures that any requests coming back in are cross-checked against this token. The token is not included in the incoming requests; thus they are not executed.
For all incoming requests that are not using HTTP GET, HEAD, OPTIONS or TRACE, a CSRF cookie must be present, and the 'csrfmiddlewaretoken' field must be present and correct. If it isn't, the user will get a 403 error.
The “Invalid or missing CSRF token” message means that your browser couldn't create a secure cookie or couldn't access that cookie to authorize your login. This can be caused by ad- or script-blocking plugins or extensions and the browser itself if it's not allowed to set cookies.
Your index.html
is rendered without RequestContext
. Try this:
def index(request):
return render_to_response('index.html', context_instance=RequestContext(request))
I also recomend you to use more convenient shortcut render
:
from django.shortcuts import render
def index(request):
return render('index.html')
From docs:
render() is the same as a call to render_to_response() with a context_instance argument that forces the use of a RequestContext.
EDIT:
Thanks @nerdwaller for mentioning, newer versions now needs:
render(request, 'index.html', {params});
I was getting this error using Django 2.1, turned out that it was caused by make an ajax request in the template that was called by another ajax request. So, the solution was to add 'request=request' to my render function:
args = {'someargs': somevalues}
html = render_to_string(
'my_template.html', context=args, request=request)
return HttpResponse(html)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With