0

I am getting the error

CSRF verification failed. Request aborted.

when trying to use 'add to cart' with a simple cart application I wrote.

The code in my template:

<form action="{% url "cart:cart_add" instance.id %}" method="post">
    {% csrf_token %}
    {{ cart_product_form }}
    <input type="submit" value="add to cart">
</form>

And my views from views.py:

@require_POST
def cart_add(request, product_id):
    cart = Cart(request)
    product = get_object_or_404(Product, id=product_id)
    form = CartAddProductForm(request.POST)
    if form.is_valid():
        cd = form.cleaned_data
        cart.add(product=product, quantity=cd['quantity'], update_quantity=cd['update'])
    return redirect('cart:cart_detail')

def cart_detail(request):
    template = loader.get_template('/webapps/my_webapp/furniture_site/cart/templates/cart/detail.html')
    cart = Cart(request)
    for item in cart:
        item['update_quantity_form'] = CartAddProductForm(initial={'quantity': item['quantity'], 'update': True})
    context={'cart': cart}
    return HttpResponse(template.render(context))

Everything seems fine as far as I can see, what am I missing?

My middleware config:

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
]

Alternative view that still does not work:

def cart_detail(request):
    cart = Cart(request)
    for item in cart:
        item['update_quantity_form'] = CartAddProductForm(initial={'quantity': item['quantity'], 'update': True})
    return render(request, 'cart/detail.html', {'cart': cart})

edit: This does not seem to be a duplicate of the marked question, as the answer to that question was to use render to return request, which I am doing.

Jake Rankin
  • Possible duplicate of [Django - {% csrf\_token %} was used in a template, but the context did not provide the value](https://stackoverflow.com/questions/13048228/django-csrf-token-was-used-in-a-template-but-the-context-did-not-provid) – atn Dec 26 '18 at 09:01
  • @atn, context does provide the value though – Jake Rankin Dec 26 '18 at 09:07

1 Answer

0

Clear the cache and reload the page. If that does not solve it, then give the exact error traceback.

Edited:

from django.template import RequestContext

return render_to_response('results.html', {'results': results}, context_instance=RequestContext(request))

Try this

shafik
  • Clearing cache and reloading did not help, even used a different browser. How do I give a specific error traceback? Nothing is put out to the page – Jake Rankin Dec 26 '18 at 08:30
  • Can you add your settings.py middleware config? – shafik Dec 26 '18 at 08:31
  • Added to question – Jake Rankin Dec 26 '18 at 08:36
  • I changed view per your answer and added to question, still get same error – Jake Rankin Dec 26 '18 at 08:53
  • @waqasgard I did just now and that solved my problem! But surely a shopping cart should not be csrf_exempt! – Jake Rankin Dec 26 '18 at 09:10
  • @JakeRankin If you're a frontend developer you'd definitely know what CSRF tokens are for and how you've to pass that with your requests for Django to verify your browser. If not please ask your Frontend developer to take care of this. This is not Django's problem. – waqasgard Dec 26 '18 at 10:50
  • @waqasgard Not a frontend developer but I have a background in security, I understand what CSRF tokens are and how they are used. This is django throwing the error, so how is it not a django problem? – Jake Rankin Dec 26 '18 at 18:13
  • What I meant by that is your frontend is not handling the tokens correctly as in it's not passing the tokens correctly to Django and hence Django throws this error. – waqasgard Dec 26 '18 at 18:19
  • @waqasgard not as of yet, everything I can see indicates I am sending the csrf_token correctly from the form and it is being received by the view – Jake Rankin Dec 30 '18 at 09:49