Opened 6 years ago

Closed 6 years ago

#29785 closed Bug (invalid)

Using {{ csrf_token }} throws exception (AttributeError: 'dict' object has no attribute 'META') if no render context

Reported by: jeffrey k eliasen Owned by: nobody
Component: CSRF Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by jeffrey k eliasen)

Calling render() with no context on a template that uses {{ csrf_token }} results in an exception being thrown.

I believe the appropriate fix is to change:

if "CSRF_COOKIE" not in request.META:

to:

if not request or not request.META or "CSRF_COOKIE" not in request.META:

I am happy to create a PR for this issue once I know it is a desired fix.

Change History (3)

comment:1 by jeffrey k eliasen, 6 years ago

Description: modified (diff)

comment:2 by jeffrey k eliasen, 6 years ago

Description: modified (diff)

comment:3 by Carlton Gibson, 6 years ago

Resolution: invalid
Status: newclosed

From the CSRF docs:

In the corresponding view functions, ensure that RequestContext is used to render the response so that {% csrf_token %} will work properly.

The request is required in the context.

(If you're looking to render your template in a true non-request context, you can use RequestFactory to generate a placeholder and add 'csrf_token': 'NOTPROVIDED' to the context in order to short circuit the CSRF input rendering.)

Note: See TracTickets for help on using tickets.
Back to Top