Search code examples
pythondjangocsrf-protection

Shownig csrf verification failed in django

When i click submit it is showing csrf verification failed eventhough i used {% csrftoken %} here my view.py:

@csrf_protect
def register(request):
 if request.method == 'POST':
    form = RegistrationForm(request.POST)
    if form.is_valid():
        user = User.objects.create_user(
        username=form.cleaned_data['username'],
        password=form.cleaned_data['password1'],
        email=form.cleaned_data['email']
        )
        return HttpResponseRedirect('/login/')
else:
    form = RegistrationForm()
catagories = Company_Profile.objects.all()
variables = RequestContext(request, {
'form': form,'catagories' : catagories
})

return render_to_response(
'index1.html',
variables

)

my html page index1.html s:

<div id="connect_signup_box" class="connect_box_form clearfix">{% csrf_token  %}
<form enctype="application/x-www-form-urlencoded" class="global_form"  action="" method="POST">{% csrf_token %}<div><div><h3>Create Account</h3>
<div class="form-elements" >
<div id="name-wrapper" class="form-wrapper"><div id="name-label"  class="form-label"><label for="name" class="optional">Name</label></div>
<div id="name-element" class="form-element">
<input type="text" name="name" id="name" value="" class="signup-name"></div>     </div>

<div id="username-wrapper" class="form-wrapper"><div id="username-label"   class="form-label"><label for="id_username">Username:</label></div>
<div id="username-element" class="form-element">
<input id="id_username" max_length="30" name="username" required="True"  type="text">
<div id="uJTtr4FGLy-wrapper" class="form-wrapper"><div id="uJTtr4FGLy-label"     class="form-label"><label for="id_email">Email Id:</label></div>
<div id="uJTtr4FGLy-element" class="form-element">
<input id="id_email" max_length="30" name="email" required="True"   type="text">
<p class="description">You will use your email address to login.</p></div>   </div>
<div id="password-wrapper" class="form-wrapper"><div id="password-label"     class="form-label"><label for="id_password1">Password:</label></div>
<div id="password-element" class="form-element">
<input id="id_password1" name="password1" type="password">
<p class="description">Passwords must be at least 6 characters in length.    </p></div></div>
<div id="passconf-wrapper" class="form-wrapper"><div id="passconf-label"    class="form-label"><label for="id_password2">Password (Confirm):</label></div>
<div id="passconf-element" class="form-element">
<input id="id_password2" max_length="30" name="password2"    render_value="False" required="True" type="password">
<p class="description">Enter your password again for confirmation.</p></div>   </div>

<p class="description">This will be the end of your profile link, for   example: <br> </p></div></div>
</div></div>
<div id="terms-wrapper" class="form-wrapper"><div id="terms-label"    class="form-label">&nbsp;</div><div id="terms-element" class="form-element">
<input type="hidden" name="terms" value=""><input type="checkbox"    name="terms" id="terms" value="1" tabindex="7">
<label class="null" for="terms">I have read and agree to the <a    target="_blank" href="help/terms.html">terms of service</a>.</label></div></div>
<div id="submit-wrapper" class="form-wrapper"><div id="submit-label"     class="form-label">&nbsp;</div><div id="submit-element" class="form-element">
<input type="hidden" name="csrfmiddlewaretoken"    value="vmGTjibc4wzzsrVshrElFs8J0T24UECG">
        <input type="submit" class="btn btn-success" value="submit">

    <input type="reset" class="btn" value="cancel">

  </div></div></div></form>  </div>

</div>

i am not using form.as_p since i need it individually to apply css.. please help me

edit: i got the answer the actual problem is i have hardcoded csrf i.e

so removed it and it works fine. thanks to @ Daniel Roseman who noticed me that and thanks to all for helping me.

Solution

  • You need to move the {% csrf_token %} tag - put it within the form. Also, if you are using django.middleware.csrf.CsrfViewMiddleware, you do not have to manually csrf_protect your view.

    And for the context instance, try doing it like this:

    def register(request):
     if request.method == 'POST':
         form = RegistrationForm(request.POST)
         if form.is_valid():
             user = User.objects.create_user(
             username=form.cleaned_data['username'],
             password=form.cleaned_data['password1'],
             email=form.cleaned_data['email']
             )
             return HttpResponseRedirect('/login/')
         else:
             form = RegistrationForm()
     catagories = Company_Profile.objects.all()
     variables = {'form': form,'catagories' : catagories}

     return render_to_response('index1.html', variables, context_instance=RequestContext(request))