Django - 403 Forbidden - CSRF token missing or incorrect

Question

I'm updated to Django 1.6 and get a issue with CSRF token, when i press button "Logout".

My code:
--views.py

@login_required(login_url='/login/')
def show_matches(request):
    errors = []
    logged = True
    if request.method == "POST":
        if 'edit' in request.POST:
            return HttpResponseRedirect("/edit_matches/")
        elif 'view' in request.POST:
            return HttpResponseRedirect("/view_matches/")
        elif 'logout' in request.POST:
            return HttpResponseRedirect("/logout/")
        else:
            errors.append('Incorrect operation!')
    return render_to_response('admin/match_main.html', RequestContext(request, locals()))  

-- match_show.html

{% extends "admin/base_admin.html" %}
{% block title %}Administration referee page {% endblock %}
{% block content %}
        <form action='.' method='post'>{% csrf_token %}
            <input class="btn btn-medium btn-primary" type="submit" value="Edit Matches" name="edit" />
            <input class="btn btn-medium btn-primary" type="submit" value="View Matches" name="view" />
        </form>
{% endblock %}

How to fix this?

Answer 1

添加隐藏的输入

<input type='hidden' name='csrfmiddlewaretoken' value='{{csrf_token}}'>

Answer 2

The template you have shown does not include the logout button. If you want to logout with a post request, you must include a csrf token in the form containing the logout button.