Re: Forbidden (403)

On Mon, Nov 12, 2012 at 2:00 PM, Nebros <markuschristen84@gmail.com> wrote:
> I know this is an old problem with many answers... but no one helps me. ^^
> what i have:
>
> Settings--------------------------------
> MIDDLEWARE_CLASSES = (
> 'django.middleware.csrf.CsrfViewMiddleware',
> 'django.middleware.common.CommonMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
> 'django.contrib.auth.middleware.AuthenticationMiddleware',
> 'django.contrib.messages.middleware.MessageMiddleware',
> # Uncomment the next line for simple clickjacking protection:
> # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
> )
> -------------------------------------------
>
> urls--------------------------------------
> from django.conf.urls import patterns
> from klasse.views import portal, kundendaten
> urlpatterns = patterns('',
> (r'^portal/$', portal),
> (r'^kundendaten/$', kundendaten),
> )
> -------------------------------------------
>
> views-----------------------------------
> from django.shortcuts import render_to_response
> from django.core.context_processors import csrf
> from django.views.decorators.csrf import csrf_protect
> import datetime
> import pyodbc
> @csrf_protect
> def portal(request):
> now = datetime.datetime.now()
> return render_to_response('portal.html', {'current_date': now})
> --------------------------------------------
>
> portal.html------------------------------
> <form method="post" action="/kundendaten/">
> {% csrf_token %}
> <fieldset>
> <legend>Anfrage</legend>
> <p>Bitte Kundennamen eingeben</p>
> <label>
> <input type="text" name="kunde" size="30" required="required">
> </label>
> <br>
> <br>
> <input type="submit" name="senden" value="Senden"
> href="kundendaten">
> </fieldset>
> </form>
> --------------------------------------------
>
> I tryed a lot of variants to fix my "post" problem, but without success. can
> anybody help me? ^^
> thx
> *pls ignore my englisch fails
>

There are three steps to enabling CSRF protection:

1) Add CsrfViewMiddleware
2) Add csrf_token to the form
3) Ensure that the csrf token is in the template context, by using a
RequestContext or calling the CSRF context processor directly.

As documented here:

https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/

You've done 1 and 2. You haven't done 3.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.