Search code examples
djangodjango-csrf

Django Book OUTDATE CSRF protection

Hello I'm a newbie trying to use django to register some users, I have been reading the Django Book and am on a chapter about registration,http://www.djangobook.com/en/2.0/chapter14/ when I do the instructions I get this

Forbidden (403)

CSRF verification failed. Request aborted. Help

Reason given for failure:

CSRF token missing or incorrect.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

I put the {% csrf_token %} template tag inside the post tag and it still gives me this error. thanks

#  views.py
#  
#  Copyright 2012 Talisman <KlanestroTalisman@gmail.com>
from django.shortcuts import render_to_response
from django import forms
from django.contrib.auth.forms import UserCreationForm
from django.http import HttpResponseRedirect

def home (request):
    return render_to_response('FirstTemplate.html',)

def register(request):
    if request.method == 'POST':
        form = UserCreationForm(request.POST)
        if form.is_valid():
            new_user = form.save()
            return HttpResponseRedirect("/books/")
    else:
        form = UserCreationForm()
    return render_to_response("register.html", {
        'form': form,
    })

forms

{% extends "base.html" %}

{% block title %}Create an account{% endblock %}

{% block content %}
  <h1>Create an account</h1>

  <form action="" method="post"{% csrf_token %}>
      {{ form.as_p }}
      <input type="submit" value="Create the account">
  </form>
{% endblock %}
Solution

  • Djangobook uses a pretty old version of django, you may be on a newer version, I have tried the information and csrf section is definitely outdated since they had some modification to the way this is handled in newer versions, match your django version with the book version, also some frequent reasons for this error (In addition to the middleware thing mentioned by pahko) are

    1. not using csrf_token tag in template
    2. not using RequestContext class - replace Context with RequestContext

    like this

    from django.template import RequestContext

    and in the render statement

    return render_to_response("home/index.html", c, context_instance=RequestContext(request))

    note: use your own template path in above statement.