Getting csrfmiddleware token in url

1
votes

I am getting csrf token in the url after submitting my form like this.

http://127.0.0.1:8000/detail/?csrfmiddlewaretoken=lqvoeSG32IcodLTFksWEU1NPQ9XCmHybwmzMKEuPzxDN1e73B0JORpAGOcGGxsjH&symbol=FLWS

After making a GET request to view, the url is showing the csrf token in the url.

/views.py

def search(request):
    if(request.method=='GET'):
        form=searchform(request.GET)
        if(form.is_valid()):
            id=request.GET['symbol']
            data=company.objects.filter(Symbol=id)
            form=searchform()
            return render(request, 'list-company.html',{"data":data,"form":form})

/urls.py

from django.contrib import admin
from django.urls import path
from csv2db.views import Company,search
urlpatterns = [
    path('admin/', admin.site.urls),
    path('company/',Company,name='company-details'),
    path('detail/',search,name='search')

]

form in HTML file

{% block content %}
        <form method="get" action="{% url 'search'  %}">
            {% csrf_token %}
            {{ form.as_ul}}
            <button type="Submit">Submit</button>
        </form>
2
djangodjango-csrf

2 Answers

2
votes

You are adding csrf_token template tag in the HTML file and form method is set to get. So data is appended as query parameters including csrf token.

So you can either change it to post method or remove the csrf_token template tag.

1
votes
{% block content %}
        <form method="POST" action="{% url 'search'  %}">
            {% csrf_token %}
            {{ form.as_ul}}
            <button type="Submit">Submit</button>
        </form>

and change your view

def search(request):
    form=searchform()
    if(request.method=='POST'):
        form=searchform(request.POST)
        if(form.is_valid()):
            id=request.GET['symbol']
            data=company.objects.filter(Symbol=id)
            form=searchform()
            return render(request, 'list-company.html',{"data":data,"form":form})
    return render(request, 'list-company.html',{"form":form})