
Can't get an object deletion - ?csrfmiddlewaretoken= appears at the end of the current URL in the urlbar (django)


I am building a simple social network in django.

In the "home" of my social, I have the list of all posts published by all users, with author and publishing date. Under each post of the logged user, a "delete" button appears. If the user clicks on it, it returns a specific view of that post, with a message "do you really wish to delete this post?" and two buttons to confirm or cancel the post deletion.

However, as I click on button "confirm deletion", the page reloads to the same point, and nothing changes except for the fact that

?csrfmiddlewaretoken=--random-sequence--

appears at the end of the current url in the urlbar.

What am I missing?

Here is my template:

<h3>Do you want to delete this post?</h3>

<div class="posts">
    {% include "posts/_post.html" with post=object hide_delete=True %}
</div>

<form class="POST">
    {% csrf_token %}

    <input type="submit" value="Confirm Delete" class="btn btn-danger btn-large">

    <a href="{% url 'posts:delete' pk=post.pk %}" class="btn btn-simple btn-large btn-default">Cancel</a>

</form>

and my DeletePost view based on generic.DeleteView:

class DeletePost(LoginRequiredMixin, SelectRelatedMixin, generic.DeleteView):

    model = models.Post
    select_related = ('user', 'group')
    success_url = reverse_lazy('posts:all')

    def get_queryset(self):
        queryset = super().get_queryset()
        return queryset.filter(user_id = self.request.user.id)

    def delete(self,*args,**kwargs):
        messages.success(self.request,'Post Deleted')
        return super().delete(*args,**kwargs)

Solution

  • You currently have

    <form class="POST">

    It should be

    <form method="POST">

    When method is missing, the browser does a GET request by default, so you see the form values in the URL querystring.
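
A template check for the mistake described in this answer, as an added example that is not part of the original post: it flags any form that contains {% csrf_token %} but does not declare method="post", because such a form submits via GET and puts the token in the URL. The names FormMethodChecker and find_leaky_forms and the sample templates are constructed for illustration.

```python
import re
from html.parser import HTMLParser

CSRF_TAG = re.compile(r"{%\s*csrf_token\s*%}")


class FormMethodChecker(HTMLParser):
    """Record forms that carry {% csrf_token %} but whose method is not POST."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line of <form>, declared method or None)
        self._open = []     # stack of [line, method, has_token] for open forms

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # HTMLParser lowercases attribute names; values keep their case.
            self._open.append([self.getpos()[0], dict(attrs).get("method"), False])

    def handle_data(self, data):
        # Django template tags are plain text to an HTML parser.
        if self._open and CSRF_TAG.search(data):
            self._open[-1][2] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._open:
            line, method, has_token = self._open.pop()
            if has_token and (method or "").strip().lower() != "post":
                self.findings.append((line, method))


def find_leaky_forms(template_source):
    """Return [(line, method)] for token-bearing forms that would not POST."""
    checker = FormMethodChecker()
    checker.feed(template_source)
    checker.close()
    return checker.findings


# Constructed samples: the form from the question, and the corrected form.
BROKEN = """<form class="POST">
    {% csrf_token %}
    <input type="submit" value="Confirm Delete" class="btn btn-danger btn-large">
</form>
"""
FIXED = BROKEN.replace('class="POST"', 'method="POST"')

if __name__ == "__main__":
    for name, source in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, find_leaky_forms(source))
```

Run over a project's template directory, a non-empty result points at forms whose CSRF token would end up in browser history and request logs.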