Bonjour, tu as oublié de forger ton token dans ta vue:
c.update(csrf(request)) https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ Le 09/11/2012 13:46, Cornelis Michaël a écrit :
Bonjour à tous, Je met les mains dans le cambouis et voici mes premier problème. Lorsque j'essaye d'envoyer mon form (pour tester les gestions des erreurs) J'ai l'erreur suivante: Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: CSRF cookie not set.In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism <http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ref-contrib-csrf> has not been used correctly. For POST forms, you need to ensure:* Your browser is accepting cookies. * The view function uses |RequestContext| <http://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext> for the template, instead of |Context|. * In the template, there is a |{% csrf_token %}| template tag inside each POST form that targets an internal URL. * If you are not using |CsrfViewMiddleware|, then you must use |csrf_protect| on any views that use the |csrf_token| template tag, as well as those that accept the POST data.You're seeing the help section of this page because you have |DEBUG = True| in your Django settings file. Change that to |False|, and only the initial error message will be displayed.You can customize this page using the CSRF_FAILURE_VIEW setting. Voici ce que j'ai concernant le CSRF: settings.py: MIDDLEWARE_CLASSES = ( 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', # Uncomment the next line for simple clickjacking protection: # 'django.middleware.clickjacking.XFrameOptionsMiddleware', ) Mon template: {% extends "base.html" %} {% block title %}Connexion{% endblock %} {% block bodyId %}loginPage{% endblock %} {% block content %} <form action="." method="POST"> {% csrf_token %} {% if error %} <p class="error">{{ error }}</p> {% endif %} <p> <label for="email">Courriel:</label> <input name="email" id="email" size="30" tpe="email" /> </p> <p> <label for="password">Mot de passe:</label> <input name="password" id="password" size="30" type="password" /> </p> <p> <input type="submit" value="Se connecter"/> <a href=""> Créer un compte</a> </p> </form> {% endblock %} Ma vue: # -*- coding: utf-8 -*- ''' Created on 8 nov. 2012 @author: m.cornelis ''' from django.shortcuts import render_to_response from django.http import HttpResponseRedirect from datetime import datetime def welcome(request): return render_to_response('welcome.html', {'current_date_time': datetime.now} ), def login(request): #teste si le formulaire a été envoyé if len(request.POST) >0: # Teste si mes paramètres attendus ont été transmis if 'email' not in request.POST or 'password' not in request.POST:error = "Veuillez entrer votre adresse email et votre mot de passe."return render_to_response('login.html', {'error' : error}) else: email = request.POST['email'] password = request.POST['password'] #teste si le mot de passe est le bon if password != 'password' or email != '[email protected]': error = "Adresse email ou mot de passe erroné." return render_to_response('login.html', {'error': error}) #Tout est bon, on va a la page d'accueil (welcome) else: return HttpResponseRedirect('/welcome') #Le formulaire n'a pas été envoyé else: return render_to_response ('login.html') Merci à vous :) -- Michaël Cornelis Rue Terne des vaches N°8 6460 Chimay Gsm: +32 (0)475/ 517.866 Fixe: +32 (0)60/ 779.010 E-Mail: [email protected] ______________________________ http://nut.lu | Raccourcisseur d'URL _______________________________________________ django mailing list [email protected] http://lists.afpy.org/mailman/listinfo/django
-- Nahuel ANGELINETTI
_______________________________________________ django mailing list [email protected] http://lists.afpy.org/mailman/listinfo/django
