1. add {% csrf_token %} in your form content and it will be converted into a hidden field in the form. Once you check the source code of the form you will see it. <Correct Way to do>
{% extends "base.html" %}
{% block title %}Create Event - {{block.super}}{% endblock %}
{% block main_content %}
<form method="POST" action="" >
{% csrf_token %}
<ul>
{{form.as_ul}}
</ul>
<input type="Submit" value="Create Event"/>
</form>
{% endblock%}
Source cod ein the web browser:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Create Event - start the dark </title>
</head>
<body>
<form method="POST" action="" >
<div style='display:none'><input type='hidden' name='csrfmiddlewaretoken' value='471f168bfebf80ca7a26caad39e54aca' /></div>
<ul>
<li><label for="id_description">Description:</label> <textarea id="id_description" rows="10" cols="40" name="description"></textarea></li>
</ul>
<input type="Submit" value="Create Event"/>
</form>
</body>
</html>
2. The other way to solve the problem is: comment the following setence in your Django configure file.It solves the problem however, this is the very bad way to do it since you will lose CSRF protection by doing so.
#'django.middleware.csrf.CsrfViewMiddleware'
Source: http://joelklabo.wordpress.com/2010/06/09/more-django-csrf-token-fun/
No comments:
Post a Comment