#18359: CSRF doesn't work
------------------------------+--------------------
Reporter: jollychang@… | Owner: nobody
Type: Bug | Status: new
Component: contrib.csrf | Version: 1.4
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
$ cat view.py
{{{#!python
from django.shortcuts import render_to_response


def test(request):
    if request.method == 'GET':
        return render_to_response('test.html')
    elif request.method == 'POST':
        return render_to_response('successful.html')
}}}
$ cat templates/test.html
{{{
<form action="." method="post">{% csrf_token %}
<input type="submit" value="Submit" />
</form>
}}}
$ cat settings.py
{{{#!python
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)
}}}
After submitting the form:
{{{
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF cookie not set.
In general, this can occur when there is a genuine Cross Site Request
Forgery, or when Django's CSRF mechanism has not been used correctly. For
POST forms, you need to ensure:
Your browser is accepting cookies.
The view function uses RequestContext for the template, instead of
Context.
In the template, there is a {% csrf_token %} template tag inside each POST
form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on
any views that use the csrf_token template tag, as well as those that
accept the POST data.
You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False, and only the initial
error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/18359>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
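The failure reported here is the error page's second bullet: `render_to_response('test.html')` renders with a plain `Context`, so the `csrf` context processor never runs, `{% csrf_token %}` emits nothing, and `CsrfViewMiddleware` never sees the token marked as used and therefore never sets the cookie; the POST that follows is then rejected with "CSRF cookie not set." In Django 1.4 the remedy is `render(request, 'test.html')` or `render_to_response('test.html', context_instance=RequestContext(request))`. The following block is an added, Django-free model of that mechanism written for this page; it is neither Django's own code nor the reporter's. The names `FakeRequest`, `FakeResponse`, `ModelCsrfViewMiddleware`, `view_plain_context`, `view_request_context` and `submit_form` are assumed for the illustration, and only the two middleware checks the ticket exercises are modelled (no Referer check for HTTPS, no `csrf_exempt`).

```python
"""Constructed model of Django 1.4's CSRF cookie/token handshake (assumption:
not Django code; only the parts relevant to ticket #18359 are reproduced)."""
import hmac
import re
import secrets

CSRF_COOKIE_NAME = "csrftoken"  # Django's default cookie name


class FakeRequest:
    """Stand-in for HttpRequest; only the attributes the middleware reads."""

    def __init__(self, method, cookies=None, post=None):
        self.method = method
        self.COOKIES = dict(cookies or {})
        self.POST = dict(post or {})
        self.META = {}


class FakeResponse:
    def __init__(self, status, body=""):
        self.status = status
        self.body = body
        self.cookies = {}


def get_token(request):
    """Mirror of django.middleware.csrf.get_token: return this request's token
    and flag that it was used. Under RequestContext the `csrf` context
    processor calls this; under a plain Context nothing does."""
    request.META["CSRF_COOKIE_USED"] = True
    return request.META["CSRF_COOKIE"]


class ModelCsrfViewMiddleware:
    """The two checks from CsrfViewMiddleware that this ticket exercises."""

    def process_view(self, request):
        token = request.COOKIES.get(CSRF_COOKIE_NAME) or secrets.token_hex(16)
        request.META["CSRF_COOKIE"] = token
        if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
            return None  # safe methods are never checked
        if CSRF_COOKIE_NAME not in request.COOKIES:
            return FakeResponse(403, "CSRF cookie not set.")
        submitted = request.POST.get("csrfmiddlewaretoken", "")
        if not hmac.compare_digest(submitted, token):
            return FakeResponse(403, "CSRF token missing or incorrect.")
        return None

    def process_response(self, request, response):
        # The cookie is written only when get_token() ran for this request.
        if request.META.get("CSRF_COOKIE_USED"):
            response.cookies[CSRF_COOKIE_NAME] = request.META["CSRF_COOKIE"]
        return response


FORM = '<form action="." method="post">%s<input type="submit" value="Submit" /></form>'


def view_plain_context(request):
    """The reporter's view: plain Context, so {% csrf_token %} renders nothing
    and get_token() never runs."""
    if request.method == "POST":
        return FakeResponse(200, "successful")
    return FakeResponse(200, FORM % "")


def view_request_context(request):
    """The fix: RequestContext runs the csrf context processor, which calls
    get_token(), so the hidden field is emitted and the cookie gets set."""
    if request.method == "POST":
        return FakeResponse(200, "successful")
    hidden = '<input type="hidden" name="csrfmiddlewaretoken" value="%s" />' % get_token(request)
    return FakeResponse(200, FORM % hidden)


def submit_form(view):
    """Drive a view like a browser: GET the form (keeping cookies it sets),
    then POST it back with the hidden field. Returns (status, body) of the POST."""
    middleware = ModelCsrfViewMiddleware()
    jar = {}

    def run(request):
        response = middleware.process_view(request) or view(request)
        response = middleware.process_response(request, response)
        jar.update(response.cookies)
        return response

    page = run(FakeRequest("GET", cookies=jar))
    fields = {}
    match = re.search(r'name="csrfmiddlewaretoken" value="([0-9a-f]+)"', page.body)
    if match:
        fields["csrfmiddlewaretoken"] = match.group(1)
    result = run(FakeRequest("POST", cookies=jar, post=fields))
    return result.status, result.body


if __name__ == "__main__":
    print("plain Context:  ", submit_form(view_plain_context))
    print("RequestContext: ", submit_form(view_request_context))
```

Running it shows the reporter's sequence ending in `(403, 'CSRF cookie not set.')` and the RequestContext variant ending in `(200, 'successful')`; a POST that carries the cookie but no matching hidden field is rejected with the other message the real page can show, "CSRF token missing or incorrect."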