1
votes

Why does Django show this error: 'Forbidden (403)CSRF verification failed. Request aborted.' when I already have {% csrf_token %} in the form.

templates/core/signup.html

{% block content %}
    <form method="post">
        {% csrf_token %}
        {{ form.as_p }}
        <button type="submit">Sign up</button>
    </form>
{% endblock %}

views.py

from django.contrib.auth.forms import UserCreationForm 
from django.views.generic.edit import CreateView 

class SignUpView(CreateView): 
    template_name = 'core/signup.html' 
    form_class = UserCreationForm
2

2 Answers

0
votes

Since you are already passing on the csrf token from django.core.context_processors.csrf to the context manager. Check whether the form HTML has something like this or not:

<input type='hidden' name='csrfmiddlewaretoken' value="jqhdwjavwjagjzbefjwdjqlkkop2j3ofje" />

A couple of other things are required to make the csrf protection work (check out the docs):

  • Your browser has to accept cookies from your server

  • Make sure you have 'django.middleware.csrf.CsrfViewMiddleware' included as middleware in your settings.py (alternatively use the decorator csrf_protect() on particular views you want to protect)

-1
votes

In your views.py you need to pass the RequestContext in your render_to_response for the context processors to actually be run.

from django.template import RequestContext

 context = {}
 return render_to_response('my_template.html',
                           context,
                           context_instance=RequestContext(request))

the new render shortcut (django 1.3+) will do it for you:

from django.shortcuts import render

 context = {}
 return render(request, 'my_template.html', context)

For class-based view:

class MyFormView(View):
     form_class = MyForm
     initial = {'key': 'value'}
     template_name = 'form_template.html'

     def post(self, request, *args, **kwargs):
         form = self.form_class(request.POST)
         if form.is_valid():
             # <process form cleaned data>
             return HttpResponseRedirect('/success/')

         return render(request, self.template_name, {'form': form})