
Django: CSRF token missing or incorrect. / avoid {% csrf_token %}

I'm following the Django guide on Show me do. But I have a question:

If I just copy his code I get a

Forbidden (403) CSRF verification failed. Request aborted.

I've solved that problem by adding context_instance=RequestContext(request) to all "my" return render_to_response and by adding {% csrf_token %} to the form I'm calling.

Here comes the question: Can I in any way set this up to be invoked "behind the scenes", or do I have to add this to all my forms?

Jens

CSRF is an important security concept AFAIK.

You either have to set csrf_token [which would set a hidden POST parameter] on all forms which use a post, put or delete request, or you can use the X-CSRFToken header as well. You can use the render shortcut rather than render_to_response to include RequestContext by default. See:

https://docs.djangoproject.com/en/dev/ref/contrib/csrf/

There is a way to completely avoid CSRF checks by removing the middleware or using a decorator. But I would recommend against this.

Yes, you can use render(request, template, context) rather than render_to_response. The render shortcut uses a RequestContext automatically.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
