Django CSRF token won't show

13
votes

Here's the relevant snippet of HTML in the template:

    <form action="/submit_text/" method="post">
    {% csrf_token %}
    {% include "backbone/form_errors.html" %}
    {{form.as_p}}
    <input type="submit" value="Submit" />
    </form>

Here is my settings.py MIDDLEWARE_CLASSES declaration:

MIDDLEWARE_CLASSES = ( 
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)

The CSRF token simply doesn't show, causing a

Forbidden (403) CSRF verification failed. Request aborted.

2
djangodjango-templatesdjango-csrf

2 Answers

22
votes

You need to pass the RequestContext in your render_to_response for the context processors to actually be run.

 from django.template import RequestContext

 context = {}
 return render_to_response('my_template.html',
                           context,
                           context_instance=RequestContext(request))

the new render shortcut (django 1.3+) will do it for you:

 from django.shortcuts import render

 context = {}
 return render(request, 'my_template.html', context)
5
votes

While there is a checked answer, I want to point out that writing context_instance.... gets really annoying. I find this useful...especially with forms

context.update(csrf(request))