1

Django noob here ! I've tried basically every solution online and I still have the error (one Chrome) "CSRF token missing or incorrect" while Opera and Firefox return "CSRF cookie not set" instead...? Here are my files :

views.py

# views.py
from django.shortcuts import render_to_response
from django.http import HttpResponse, HttpResponseRedirect
from django.contrib.auth import authenticate, login
from django.template import RequestContext
from django.core.context_processors import csrf

def dashboard(request):
    state = "log in"
    if request.user.is_authenticated():
        return render_to_response('memberbrd.html')
    elif request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                return HttpResponseRedirect('/')
            else: 
                error = "inactive"
        else:
            error = "wrong username or password"
        render_to_response('visitorbrd.html', {'errors': error}, context_instance = RequestContext(request)) # I've also tried without context_instance, without passing errors...
    else:
        return render_to_response('visitorbrd.html')

urls.py

#urls.py
from django.conf.urls import patterns, include, url

from django.contrib import admin
admin.autodiscover()

from mission.views import *

urlpatterns = patterns('',
    url(r'^admin/', include(admin.site.urls)),
    url(r'^$', dashboard),
)

visitorbrd.html

{% extends "base.html" %}
{% block content %}
    {% if state %}
        <p>{{ state }}</p>
    {% endif %}
    <form action="." method="POST">{% csrf_token %}
        <label for="username">User name:</label>
        <input type="text" name="username" value="" id="username">
        <label for="password">Password:</label>
        <input type="password" name="password" value="" id="password">
        <input type="submit" value="login" />
        <input type="hidden" name="next" value="{{ next|escape }}" />
    </form>
{% endblock %}

Thanks !

Ezix
  • 126
  • 1
  • 8
  • You look to be handling the POST correctly according to the documentation. Have you tried the alternate method of handling the csrf token? From the docs...Manually import and use the processor to generate the CSRF token and add it to the template context. e.g.: from django.core.context_processors import csrf from django.shortcuts import render_to_response def my_view(request): c = {} c.update(csrf(request)) # ... view code here return render_to_response("a_template.html", c) – Jeremy Howard Jan 28 '13 at 17:47

2 Answers2

3

You're not using RequestContext for the final render_to_response which is responsible for actually showing the form.

Daniel Roseman
  • 588,541
  • 66
  • 880
  • 895
1

The previous answer is absolutely correct. A RequestContext is not required to output the form itself, though. This is handled by the Form class. The problem is that a new CSRF Token needs to be generated via the request and this is done through Django's middleware. The middleware only has access to the context variables and so by that logic, it needs the RequestContext to do this.

On a side note, I prefer Django's "render" function over "render_to_response." There are some times in which this function is too generic, but for a newer user, the savings on typing are nice and the code looks a lot cleaner. I copied the example from Django's site (I'll include a permalink below as well).

from django.shortcuts import render

def my_view(request):
    # View code here...
    return render(request, 'myapp/index.html', {"foo": "bar"},
        content_type="application/xhtml+xml")

Django Documentation: Shortcut Functions : render

Jake
  • 11
  • 1