Threadedcomments - csrf token and user_name
https://stackoverflow.com/questions/4842821
-
27-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I am using django-threadedcomments. Everything works fine except 2 things: csrf token and user template tag.
Problem is, when user submits a comment, there is no csrf token for the form, so the form could not be validated server-side. Tried adding csrf token to the dictionaries that threaded-comments passes internal with no result; kept receiving errors (most of them telling that this-method takes only 2 arguments with 3 given). Tried to fix those methods to accept 3 arguments and just pass third one further; no success.
Did someone stumble upon the same problem in past and solved it? because this is not an acceptable solution for me:
MIDDLEWARE_CLASSES = (
#'django.middleware.csrf.CsrfViewMiddleware',
)
Second one - there is a HTML helper to get the user_id for the user who posted a comment. Is there an out of the box html helper to get the name of the user by id or would i have to write it myself?
http://code.google.com/p/django-threadedcomments/
Here is the code for the project, I cant really tell exactly which chunks of it should be posted here so I just give link to the entire project.
I am really stuck in here and any help would be welcomed.
Thanks in advance.
해결책
Tried adding csrf token to the dictionaries that threaded-comments passes internal with no result;
csrf_token is a template tag -- it shouldn't be passed as an argument somewhere.
I took a look at threadedcomments and it's based on contrib.comments with no html rendering, so it's up to you to insert the csrf_token in your template.
What does your TEMPLATE code look like that is displaying your form code?
If you have CsrfViewMiddleware enabled and you are using RequestContext in your view, you simply need to add {% csrf_token %} inside of your <form></form> tags.
As for getting the user name:
ThreadedComment is a subclasses of Comment which has a name property, or you could just access the User directly...
{% for comment in comments %
{{ comment.user.first_name }}
{{ comment.name }}
{% endfor %}
다른 팁
You should use {% csrf_token %} tag or @csrf_protect in a views
You can put your form in its own template and {% include %} it into your page template. As of Django 1.3, {% include %} can pass context variables to the included template. Here's what I'm using with django.contrib.comments instead of a templatetag:
...
{% include "comments/comment-form.html" with content_object=article user=request.user %}
...
{%csrf_token %} works in this included template because it's using your main view context.
