| Issue 91: | Django 1.2 CSRF not supported | |
| 3 people starred this issue and may be notified of changes. | Back to list |
What steps will reproduce the problem? 1. Install django-forum with a recent Django 1.2 beta 2. Enable CsrfViewMiddleware 3. Try to post to a forum What is the expected output? What do you see instead? A message being posted. Instead, I get the CSRF_FAILURE_VIEW.
Oct 14, 2010
Hi guys, Thanks for this great software. I just added it to a Django 1.2.3. project and I am having the problem above with CSRF. What is the workaround? (I have tried adding csrf_protect tags in the templates concerned as well as having the CSRF Middleware in my settings. No joy still, otherwise the admin works fine. What to do?
Oct 18, 2010
The workaround I've found is:
1. In views.py add:
from django.core.context_processors import csrf
2. In every single view dealing with POSTing forms not using RequestContext add:
c = {}
c.update(csrf(request))
and in the returned generic views not using RequestContext add in extra_content dictionary:
'csrf': c,
3. In all templates containing form add right after form tag:
{% csrf_token %}
AFAIK the only view/template not dealing with POSTing forms is forums list.
Attached summary diff from mercurial.
HTH.
Cheers.
|
Status: Accepted
Owner: rwpoulton