CSRF token missing or incorrect in django

Question

views.py

from django.shortcuts import render
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
import MySQLdb
from django.shortcuts import render_to_response
from django.shortcuts import HttpResponseRedirect
from django.template.loader import get_template
from django.template import Context, Template,RequestContext
import datetime
import hashlib
from random import randint
import random
from django.views.decorators.csrf import csrf_protect, csrf_exempt
from django.template.context_processors import csrf
import requests
from django.template import RequestContext
from log.forms import *

@csrf_protect
def register(request):
    if request.method == 'POST':
        form = RegistrationForm(request.POST)
        if form.is_valid():
            user = User.objects.create_user(
            username=form.cleaned_data['username'],
            password=form.cleaned_data['password1'],
            email=form.cleaned_data['email']
            )
            return HttpResponseRedirect('/register/success/')
    else:
        form = RegistrationForm()
    variables = RequestContext(request, {
    'form': form
    })

    return render_to_response(
    'register.html',
    variables,
    )
   # return render(request,"recharge.html")
def register_success(request):
    return render_to_response(
    'registration/success.html',
    )

base.html

 <form method="post" action="."> {% csrf_token %}
        <table border="0"> 
                { form.as_table }}
        </table>
    <button type="submit" value="Register">Register</button>
    <button type="button" onclick="window.location.href='/' ">Login</button>
 </form>

register.html

<!-- register.html -->
{% extends "base.html" %}
{% block title %}User Registration{% endblock %}
{% block head %}User Registration{% endblock %}
{% block content %}
    <form method="post" action=".">{% csrf_token %}
        <table border="0">
            {{ form.as_table }}
        </table>
        <button type="submit" value="Register">Register</button>
        <button type="button" onclick="window.location.href='/' ">Login</button>
    </form>
{% endblock %}

settings.py

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

My django version: 1.10.4

How can i solve this problem?

i don't need html coded , i need inspect from html page from web browser — Ahmed Elemam, Feb 01 '17 at 09:47
this is my MIDDLEWARE_CLASSES = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] — Venkatesh Panabaka, Feb 01 '17 at 09:53
django.core.context_processors.csrf add this in context processor of for template in settings.py — Ahmed Elemam, Feb 01 '17 at 09:55
Possible duplicate of [CSRF Token missing or incorrect](http://stackoverflow.com/questions/8089224/csrf-token-missing-or-incorrect) — Sayse, Feb 01 '17 at 09:57
@VenkateshPanabaka can you update your base.html the base.html that you gave seems to be broken. can you paste your exact base.html? — MicroPyramid, Feb 01 '17 at 10:05
if you use RequestContext check if you have django.core.context_processors.csrf in your CONTEXT_PROCESSORS. — MicroPyramid, Feb 01 '17 at 10:17

mislavcimpersak · Accepted Answer · 2017-02-01T10:00:19.383

5

call render_to_response like this:

from django.template import RequestContext

@csrf_protect
def register(request):
    # ...

    return render_to_response(
        'register.html',
        {'form': form}, 
        RequestContext(request)
    )

or just use render shortcut method

@csrf_protect
def register(request):
    # ...
    return render(request, 'register.html', {'form': form})

from 1.8 docs:

render() is the same as a call to render_to_response() with a context_instance argument that forces the use of a RequestContext.

edited Feb 01 '17 at 10:00

answered Feb 01 '17 at 09:51

mislavcimpersak

2,880
1
27
30

we can remove csrf_protect as Django by default verifies csrf_token for post requests. – MicroPyramid Feb 01 '17 at 10:01
have you tried using the `render` method, not `render_to_response`? part 2 of my answer? – mislavcimpersak Feb 01 '17 at 10:07

CSRF token missing or incorrect in django

1 Answers1