1

I am using django 1.4 with bootstrap. I am getting verification error even when I have included the token. I have also included the requestcontext in the view and everything that is written in the django documentation. Here's my code:

    template
<!-- Modal -->
<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
<form action="/home/create/" method="POST" id="cform" enctype="multipart/form-data">{% csrf_token %}
 {{ form.as_p }}
<div class="modal-dialog">
<div class="modal-content">
  <div class="modal-header">
    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
    <h4 class="modal-title" id="myModalLabel">Complaint Form</h4>
  </div>    
  <div class="modal-body">


   <div class="bs-docs-example">
<p> TYPE </p>
<select id="Type" class="selectpicker" title="Choose a category" form=cform>
    <option>Air Conditioning</option>
    <option>Plumbing</option>
    <option>Carpentry</option>
<option>Housekeeping</option>
<option>Electricity</option>
<option>Masonry</option>
<option>Lifts</option>
<option>Parking</option>
<option>Fire</option>
<option>Civil</option>
<option>Pest Control</option>
<option>Miscellaneous</option>
    </select>
</div>
 <div class="bs-docs-example">
<br>
<p> BLOCK </p>
<select id="block" class="selectpicker" title="Choose a building" form=cform>
    <option>Academic Block</option>
    <option>Dinning Block</option>
    <option>Faculty Housing</option>
<option>Library</option>
<option>Girls' Hostel</option>
<option>Boys' Hostel</option>
    </select>
</div>


<div class="bs-docs-example">
<br>
<p> EXACT LOCATION </p>
<input type="text" class="form-control" id="location" name="elocation" style="width: 100%; height: 50px"> </textarea>
</div>
<div class="bs-docs-example">
<br>
<p> DESCRIPTION </p>
<input type="text" class="form-control" id="description" name="elocation" style="width: 100%; height: 100px"> </textarea>
</div>
  </div>
  <div class="modal-footer">
    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
    <button type="submit" class="btn btn-primary" value="Save">Submit</button>
  </div>
 </div>
 </div> 
</form>
 </div>

Views.py

def myComplaint(request):
if request.method == "POST":
    form = UploaderForm(request.POST)
    if form.is_valid():
        a = form.save()
        messages.add_message(request, messages.SUCCESS, "You Article was added")
        return HttpResponseRedirect('/home')
    else:
        form = UploaderForm()

args = {}
args.update(csrf(request))

args['form'] = form    

return render_to_response("home.html", args)

Thanks in advance!

Additional Info Just checked my post method using HTTPFox and it's sending the csrf token. Is there anyway to ensure that my view is getting the csrf token or not?

Anmol
  • 41
  • 3
  • Have you tried solutions provided for http://stackoverflow.com/questions/4775034/django-1-2-4-csrf-verification-failed?rq=1 question? – Andrzej Bobak Apr 10 '14 at 05:12
  • Since you are starting new project, why don't you use the latest version of Django? – pynovice Apr 10 '14 at 05:23
  • Well, it's not a new project anymore, the whole site is build, only linking to database is remaining. – Anmol Apr 10 '14 at 05:25

2 Answers2

1

In your views, you have updated the args with csrf request but not used passed the RequestContext.

return render_to_response('home.html', args, 
                                       context_instance=RequestContext(request))
Santosh Ghimire
  • 3,087
  • 8
  • 35
  • 63
0

You can try csrf token in this manner

from django.views.decorators.csrf import csrf_protect
from django.template import RequestContext

@csrf_protect
def my_view(request):
    c = {}
    # ...
    return render_to_response("a_template.html", c,
                           context_instance=RequestContext(request))
Ankit Mittal
  • 662
  • 3
  • 6
  • First you import -> from django.views.decorators.csrf import csrf_exempt and after that use csrf_exempt in place of csrf_protect – Ankit Mittal Apr 10 '14 at 10:07
  • If you use `@csrf_exempt`, the view will work (you won't get an CSRF error) but obviously that leaves your view vulnerable to CSRF attacks. CSRF tokens are used for a reason and should not be disabled without a good reason. – knbk Apr 10 '14 at 10:31