Question

I'm running a really basic Django login app (I thought) based on the official docs and... it's still not working no matter what I'm doing, and I've been looking through every single question on StackOverflow and not finding the answer. I'm running django.VERSION 1.5.0.

Every single thing I add or do to the code, I still get a CSRF verification failed error.

Inside my portal/views.py:

@cache_page(60 * 15)
@csrf_protect
def index(request, id=None):
    return render_to_response('undercovercoders/index.html',     context_instance=RequestContext(request))

@cache_page(60 * 15)
def login_user(request):
    if request.POST:
        username = request.POST.get['username']
        password = request.POST.get['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)            
                state = "You're successfully logged in!"
            else:
                state = "Your account is not active, please contact the site admin."
        else:
            state = "Your username and/or password were incorrect."
    return render_to_response('undercovercoders/index.html', {'state':state, 'username':username}, context_instance=RequestContext(request))

Inside my portal/templates/index.html:

 <div id="login-box">
            {% if form.errors %} 
            <p>Your username and password didn't match! Please try again!</p>
            {% endif %}
            {{ state }}
            <form class="login-widgets" action="/login/" method="post">{% csrf_token %}
                Username : 
                <input class="login-widgets-text" type="text" name="username" value="{{ username }}" />
                {{ form.username }}<br />
                Password :
                <input type="password" name="password" value="{{ password }}" />
                {{ form.password }}<br />
                <input class="login-button" type="submit" value="login" />
                <input type="hidden" name="next" value="{{ next }}" />
            </form>

In my urls.py /login/ is defined with the following

(r'^login/$', 'portal.views.login'),

My settings.py is the following:

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

Please help, I've been wrestling with this error all evening.

EDIT: My console returns this to me when I added the changes to my render:

/Library/Python/2.7/site-packages/django/template/defaulttags.py:59: UserWarning: A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.
  warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.")

[07/Aug/2013 21:44:25] "GET / HTTP/1.1" 200 2881
[07/Aug/2013 21:44:25] "GET /static/css/screen.css HTTP/1.1" 304 0
[07/Aug/2013 21:44:29] "POST /login/ HTTP/1.1" 403 2282

Solution

In your views

return render(request, 'template/index.html', {'state':state, 'username':username}, c)

you should do

return render(request, 'template/index.html', {'state':state, 'username':username})

Right now you are passing c in place of the context_instance argument that forces the use of a RequestContext.

Licensed under: CC-BY-SA with attribution