I have another problem caused by the major upgrades I've done to a Django app (from 1.7 to 1.10 and Django Rest Framework to 3.5.4). I managed to fix some other errors that were causing a 500 error on the signup page, but still I have a problem with the CSRF token. This functionality was working before the upgrades. I have checked all the things mentioned in the error paged (I have DEBUG=True), but all of them seem ok, as to follow:
In the class "CompanyAdmin" I have the signup method:
def signup(self, request):
if request.method == "GET":
form = SignupForm()
else:
form = SignupForm(request.POST)
if form.is_valid():
company = form.save()
user = company.managers.all()[0]
user = authenticate(
email=user.email, password=request.POST["password1"])
if user is not None:
login(request, user)
return HttpResponseRedirect(reverse("bagdisken:index"))
return shortcuts.render_to_response("bagdisken/signup.html",
context=RequestContext(request, {
'form': form,
}))
I had problems with the context, causgin a 500 error, which I fixed by adding the request in the context. Previous it was like this:
return shortcuts.render_to_response("bagdisken/signup.html", {'form': form})
The CSRF token is present in the view:
{% extends "admin/base_site.html"%}
{% load form_utils %}
{% block content_title%}{% endblock %}
{% block breadcrumbs %}{% endblock %}
{% block nav-global %}{% endblock %}
{% block coltype %}twelve columns offset-by-two{% endblock %}
{% block content%}
<form id="signup" action="#" method="POST" >
{% csrf_token %}
{{ form|render }}
<input type="submit" value="Submit" />
</form>
{% endblock %}
And the CsrfViewMiddleware is also present in setting:
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'corsheaders.middleware.CorsMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
Still, the hidden input for the csrf token is absent. How can I fix the problem?
Don't use render_to_response
, it's obsolete. It doesn't make the request available in the response, so the CSRF template context processor does not work.
Use the render
shortcut instead. It renders the template with a request, so the CSRF token will work.
from django.shortcuts import render
def signup(self, request):
...
return render(request, "bagdisken/signup.html", {'form': form})