In a Django template I used:
<form action="/user" method="post">{% csrf_token %}
{{ form.as_p|safe }}
<input type="submit" value="Submit" />
</form>
But I get an error when I change to the jinja2 template engine:
Encountered unknown tag 'csrf_token'
My question: is csrf_token protection required in jinja2?
If required, how to do this?
Thanks in advance!
Yes, you still want to use Cross Site Request Forgery protection, but Jinja2 works a little differently.
Instead of this default Django Template Language string:
{% csrf_token %}
You can replace it with this for Jinja2 which has the same behavior of outputting the full hidden HTML input element:
{{ csrf_input }}
You can also use {{ csrf_token }} by itself in a Jinja2 template to get just the CSRF token itself and manually create your own form field like:
<input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">