Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[brycenesbitt]

It works now that I have fully uninstalled pybbm.
Pybbm was incompatible with my app because it also extended the User
object (something apparently you can only do once?)

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[Melvyn Sopacua]

On 30-6-2012 8:39, brycenesbitt wrote:

> {% csrf_token %}
> 
> I render my form with:
> {% render_comment_form for entry %}

You should verify if the generated html looks sane. If you need help
with that, put it up on dpaste.

> ---
> I should note it did work when I first added it to the application.  It 
> broke after I added pybbm.  I've since removed pybbm (it is maintained and 
> broken), but comments
> started getting csrf errors.

Any chance pybbm started messing with the session storage backend and
you haven't set it back correctly? Do any sessions work at all?

-- 
Melvyn Sopacua


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[brycenesbitt]

On Thursday, June 28, 2012 10:43:58 AM UTC-7, jonas wrote:
>
> After the starting form tag add {% csrf_token %} 
>

I can't.
It is rendered for me by {% render_comment_form for entry %}

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/django-users/-/P_1zIG9fUC4J.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[brycenesbitt]

The "security_hash" field that you see is part of the comments app, and is 
> not the CSRF token. That needs to be output by a {% csrf_token %} tag (or 
> its equivalent). If it's working, you should see another hidden input 
> field, which looks like this:
>
> 
>  value="36d43c1652d5676d6d411950e077eeaa1cc1f799"/>
> 
>
> The comments app normally does that automatically -- it's part of 
> django/contrib/comments/templates/form.html -- Are you overriding the 
> comment form in your own app? If so, you need to include the call to {% 
> csrf_token %} yourself.
>

I am not overriding, at least not deliberately.

django/contrib/comments/templates/form.html has:
{% load comments i18n %}
{% csrf_token %}

I render my form with:
{% render_comment_form for entry %}

---
I should note it did work when I first added it to the application.  It 
broke after I added pybbm.  I've since removed pybbm (it is maintained and 
broken), but comments
started getting csrf errors.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/django-users/-/pykynQInFVUJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[Ian Clelland]

On Thu, Jun 28, 2012 at 9:14 AM, brycenesbitt 
 wrote:

> I'm using django.contrib.comments and get 'CSRF token missing or
> incorrect.' when previewing or submitting a comment.  I have:

...



The HTML looks like it has the csrf security_hash in the proper place:
> 
>  />
> 
> 
> ...



The "security_hash" field that you see is part of the comments app, and is
not the CSRF token. That needs to be output by a {% csrf_token %} tag (or
its equivalent). If it's working, you should see another hidden input
field, which looks like this:





The comments app normally does that automatically -- it's part of
django/contrib/comments/templates/form.html -- Are you overriding the
comment form in your own app? If so, you need to include the call to {%
csrf_token %} yourself.

@csrf_protect  #does not matter if this is here or not
>

No, if you have the CSRFViewMiddleware installed, then you don't need this
line at all.

-- 
Regards,
Ian Clelland


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: 'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[Jonas Geiregat]

On do, jun 28, 2012 at 09:14:36 -0700, brycenesbitt wrote:
> http://127.0.0.1:8000/comments/post/>" method="post">
>/>
>id="id_timestamp" />
>value="6e85e1c846861c80575ce435b21a855706725b00" id="id_security_hash" 
> />

After the starting form tag add {% csrf_token %}

More information about it: 
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

'CSRF verification failed." from django.contrib.comments. can you help solve it? django 1.3

[brycenesbitt]

I'm using django.contrib.comments and get 'CSRF token missing or incorrect.' 
when previewing or submitting a comment.  I have:

*MIDDLEWARE_CLASSES = (*
*'django.middleware.csrf.CsrfViewMiddleware',*
*'django.middleware.common.CommonMiddleware',*
*'django.contrib.sessions.middleware.SessionMiddleware',*
*'django.contrib.auth.middleware.AuthenticationMiddleware',*
*'django.contrib.messages.middleware.MessageMiddleware',*
*)*

url(r'^comments/',  include('django.contrib.comments.urls')),
url(r'^entry/(?P\d+)/comment',  'rp2.views.entry_comment_add'),

@csrf_protect  #does not matter if this is here or not
def entry_comment_add(request, pk):
entry = models.Entry.objects.get(pk=pk)
assert isinstance(entry, models.Entry)
return render(request, 'entry_comment_popup.html', {'entry':entry})

{% extends 'head-plain.html' %}

{% load comments %}
{% block content %}
{% render_comment_form for entry %}
{% endblock %}

The HTML looks like it has the csrf security_hash in the proper place:

http://127.0.0.1:8000/comments/post/>" method="post">
  
  
  

...

I have read https://docs.djangoproject.com/en/dev/ref/contrib/comments/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/django-users/-/TDG0eAHHlkkJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.