id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 18359,CSRF dosen't work,jollychang@…,nobody," $ cat view.py {{{#!python from django.shortcuts import render_to_response def test(request): if request.method == 'GET': return render_to_response('test.html') elif request.method == 'POST': return render_to_response('successful.html') }}} $ cat templates/test.html {{{
}}} $ cat settings.py {{{#!python MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', }}} after submit \\ {{{ Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF cookie not set. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: Your browser is accepting cookies. The view function uses RequestContext for the template, instead of Context. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting. }}}",Bug,closed,CSRF,1.4,Normal,invalid,,,Unreviewed,0,0,0,0,0,0