Opened 7 years ago
Closed 7 years ago
#29785 closed Bug (invalid)
Using {{ csrf_token }} throws exception (AttributeError: 'dict' object has no attribute 'META') if no render context
| Reported by: | jeffrey k eliasen | Owned by: | nobody |
|---|---|---|---|
| Component: | CSRF | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
Calling render() with no context on a template that uses {{ csrf_token }} results in an exception being thrown.
I believe the appropriate fix is to change:
if "CSRF_COOKIE" not in request.META:
to:
if not request or not request.META or "CSRF_COOKIE" not in request.META:
I am happy to create a PR for this issue once I know it is a desired fix.
Change History (3)
comment:1 by , 7 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 7 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 7 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
From the CSRF docs:
The
requestis required in the context.(If you're looking to render your template in a true non-request context, you can use
RequestFactoryto generate a placeholder and add'csrf_token': 'NOTPROVIDED'to the context in order to short circuit the CSRF input rendering.)