Wednesday, June 12, 2013

Re: Problem with csrf

You are correct in assuming that your first view using render_to_response shouldn't work without sending a RequestContext in.
A much cleaner way is just to use the render function.
which takes a lot of typing out of the typical render_to_response with RequestContext.  



On Wednesday, June 12, 2013 8:23:40 PM UTC-4, Nick Dokos wrote:
I have a simple application and it DTRT before turning on CSRF
(this is on Django 1.5.1). So I tried to follow the documentation
to turn on CSRF detection and was getting intro trouble.

First I tried to follow this page:

   https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/

I did steps 1 and 2 (uncommenting the csrf middleware in
MIDDLEWARE_CLASSES and adding {% csrf_token %} to my (one and only)
POST form) and then tried step 3.2:

--8<---------------cut here---------------start------------->8---
from django.core.context_processors import csrf
from django.shortcuts import render_to_response

def my_view(request):
    c = {}
    c.update(csrf(request))
    # ... view code here
    return render_to_response("a_template.html", c)
--8<---------------cut here---------------end--------------->8---

where I added my dictionary entries to c before passing it to
render_to_response.

That did not work - the development server said:

,----
| /usr/local/lib/python2.7/dist-packages/django/template/defaulttags.py:58:
| UserWarning: A {% csrf_token %} was used in a template, but the context
| did not provide the value.  This is usually caused by not using
| RequestContext.
|
|   warnings.warn("A {% csrf_token %} was used in a template, but the
|   context did not provide the value.  This is usually caused by not
|   using RequestContext.")
`----

I tried step 3.2, instead of step 3.1, because the page above did not
contain enough detail for me to figure out how to use RequestContext and
I was too lazy to type it into the search box: I was suitably punished
for my laziness.

I finally found a different page that described how to use RequestContext:

   https://docs.djangoproject.com/en/dev/ref/templates/api/#subclassing-context-requestcontext

with the following code fragment:

--8<---------------cut here---------------start------------->8---
from django.shortcuts import render_to_response
from django.template import RequestContext

def some_view(request):
    # ...
    return render_to_response('my_template.html',
                              my_data_dictionary,
                              context_instance=RequestContext(request))
--8<---------------cut here---------------end--------------->8---

I adapted it for my purposes and things are working fine.

The question is: is the first method supposed to work? If so, what am
I doing wrong? If not, it should be taken out of the documentation.

Also, can a link be added in the first page to get to the second page
easily?

Thanks!
--
Nick



--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

posted by twitter @ 5:48 PM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home


Real Estate