id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
18359	CSRF dosen't work	jollychang@…	nobody	"
$ cat view.py
{{{#!python
from django.shortcuts import render_to_response

def test(request):
    if request.method == 'GET':
        return render_to_response('test.html')
    elif request.method == 'POST': 
        return render_to_response('successful.html')

}}}
$ cat templates/test.html 
{{{
<form action=""."" method=""post"">{% csrf_token %}
<input type=""submit"" value=""Submit"" />
</form>
}}}
$ cat settings.py
{{{#!python

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
}}}
after submit \\
{{{
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF cookie not set.
    
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
}}}"	Bug	closed	CSRF	1.4	Normal	invalid			Unreviewed	0	0	0	0	0	0