Hey,
I've also struggled with CSRF for a while.
Maybe I can give you some guidance.
> you need to ensure:
>
> •The view function uses RequestContext for the template, instead of
> Context.
> •In the template, there is a {% csrf_token %} template tag inside each
> POST form that targets an internal URL.
> •If you are not using CsrfViewMiddleware, then you must use
> csrf_protect on any views that use the csrf_token template tag, as
> well as those that accept the POST data.
> You're seeing the help section of this page because you have DEBUG =
> True in your Django settings file. Change that to False, and only the
> initial error message will be displayed.
>
Have you checked each item mentioned by the error report ?
>
> <form action="/polls/uploadfile/" method="POST" enctype="multipart/
> form-data">
Add {% crsf_token %} directly after the opening form tag.
>
> return render_to_response('polls/uploadfile.html', {'form':
> form})
>
You must always a ContextRequest like this:
from django.template import RequestContext
return render_to_response('polls/uploadfile.html', {'form':form},
context_instance=RequestContext(your_request_var))
If you are still stuck I can advise you to read the following article:
http://andrew.io/weblog/2010/01/django-piston-and-handling-csrf-tokens
Good luck!
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
