Shownig csrf verification failed in django

Question

When i click submit it is showing csrf verification failed eventhough i used {% csrftoken %} here my view.py:

@csrf_protect
def register(request):
 if request.method == 'POST':
    form = RegistrationForm(request.POST)
    if form.is_valid():
        user = User.objects.create_user(
        username=form.cleaned_data['username'],
        password=form.cleaned_data['password1'],
        email=form.cleaned_data['email']
        )
        return HttpResponseRedirect('/login/')
else:
    form = RegistrationForm()
catagories = Company_Profile.objects.all()
variables = RequestContext(request, {
'form': form,'catagories' : catagories
})

return render_to_response(
'index1.html',
variables

)

my html page index1.html s:

<div id="connect_signup_box" class="connect_box_form clearfix">{% csrf_token  %}
<form enctype="application/x-www-form-urlencoded" class="global_form"  action="" method="POST">{% csrf_token %}<div><div><h3>Create Account</h3>
<div class="form-elements" >
<div id="name-wrapper" class="form-wrapper"><div id="name-label"  class="form-label"><label for="name" class="optional">Name</label></div>
<div id="name-element" class="form-element">
<input type="text" name="name" id="name" value="" class="signup-name"></div>     </div>

<div id="username-wrapper" class="form-wrapper"><div id="username-label"   class="form-label"><label for="id_username">Username:</label></div>
<div id="username-element" class="form-element">
<input id="id_username" max_length="30" name="username" required="True"  type="text">
<div id="uJTtr4FGLy-wrapper" class="form-wrapper"><div id="uJTtr4FGLy-label"     class="form-label"><label for="id_email">Email Id:</label></div>
<div id="uJTtr4FGLy-element" class="form-element">
<input id="id_email" max_length="30" name="email" required="True"   type="text">
<p class="description">You will use your email address to login.</p></div>   </div>
<div id="password-wrapper" class="form-wrapper"><div id="password-label"     class="form-label"><label for="id_password1">Password:</label></div>
<div id="password-element" class="form-element">
<input id="id_password1" name="password1" type="password">
<p class="description">Passwords must be at least 6 characters in length.    </p></div></div>
<div id="passconf-wrapper" class="form-wrapper"><div id="passconf-label"    class="form-label"><label for="id_password2">Password (Confirm):</label></div>
<div id="passconf-element" class="form-element">
<input id="id_password2" max_length="30" name="password2"    render_value="False" required="True" type="password">
<p class="description">Enter your password again for confirmation.</p></div>   </div>

<p class="description">This will be the end of your profile link, for   example: <br> </p></div></div>
</div></div>
<div id="terms-wrapper" class="form-wrapper"><div id="terms-label"    class="form-label">&nbsp;</div><div id="terms-element" class="form-element">
<input type="hidden" name="terms" value=""><input type="checkbox"    name="terms" id="terms" value="1" tabindex="7">
<label class="null" for="terms">I have read and agree to the <a    target="_blank" href="help/terms.html">terms of service</a>.</label></div></div>
<div id="submit-wrapper" class="form-wrapper"><div id="submit-label"     class="form-label">&nbsp;</div><div id="submit-element" class="form-element">
<input type="hidden" name="csrfmiddlewaretoken"    value="vmGTjibc4wzzsrVshrElFs8J0T24UECG">
        <input type="submit" class="btn btn-success" value="submit">

    <input type="reset" class="btn" value="cancel">

  </div></div></div></form>  </div>

</div>

i am not using form.as_p since i need it individually to apply css.. please help me

edit: i got the answer the actual problem is i have hardcoded csrf i.e

so removed it and it works fine. thanks to @ Daniel Roseman who noticed me that and thanks to all for helping me.

I believe `{% csrf_token %}` must be encapsulated in the `
`, and why are there 2 in your template? — MrAlexBailey, Mar 10 '15 at 16:10
part of this template is from a template i downloaded. i am using this same for other pages and have no problem there.. — Jerin A Mathews, Mar 10 '15 at 17:00
It still needs to be inside the form though. And the second one seems to be a hard-coded value, which will never work, and overwrites the actual token. — Daniel Roseman, Mar 10 '15 at 17:19
Also are you using the csrf middleware? If so, you won't need the `@csrf_protect` decorator. — MrAlexBailey, Mar 10 '15 at 17:30
iam using django.middleware.csrf.CsrfViewMiddleware. i just tried @csrf_protect. — Jerin A Mathews, Mar 10 '15 at 17:38
@DanielRoseman actually this sigup has worked for me first time. then somehow it is showing this error. i dont know what happend. also i tried csrf token inside the form and it didnt worked. — Jerin A Mathews, Mar 10 '15 at 17:40
We've *told* you what happened. Remove that second, hard coded csrf input, and move the csrf_token tag inside the form. — Daniel Roseman, Mar 10 '15 at 17:44
yeah i didnt get it at first time.. i removed that.. and now its working .. thank u all. — Jerin A Mathews, Mar 10 '15 at 17:52

score 2 · Answer 1 · answered Mar 10 '15 at 16:12

2

You should pass the RequestContext as the third argument of the render_to_response():

return render_to_response('index1.html',
                          {'form': form, 'catagories': catagories},
                          RequestContext(request))

Or, as a better option, use the render() function instead of the render_to_response():

from django.shortcuts import render

return render(request, 'index1.html', variables)

answered Mar 10 '15 at 16:12

catavaran

44,703
8
98
85

when i use return render(request, 'index1.html', variables) it is showing dictionary update sequence element #0 has length 11; 2 is required also when i use return render_to_response('index1.html', {'form': form, 'catagories': catagories}, RequestContext(request)) it is showing csrf token missing. – Jerin A Mathews Mar 10 '15 at 16:54

score 1 · Accepted Answer · answered Mar 10 '15 at 18:03

You need to move the {% csrf_token %} tag - put it within the form. Also, if you are using django.middleware.csrf.CsrfViewMiddleware, you do not have to manually csrf_protect your view.

And for the context instance, try doing it like this:

def register(request):
     if request.method == 'POST':
         form = RegistrationForm(request.POST)
         if form.is_valid():
             user = User.objects.create_user(
             username=form.cleaned_data['username'],
             password=form.cleaned_data['password1'],
             email=form.cleaned_data['email']
             )
             return HttpResponseRedirect('/login/')
         else:
             form = RegistrationForm()
     catagories = Company_Profile.objects.all()
     variables = {'form': form,'catagories' : catagories}

     return render_to_response('index1.html', variables, context_instance=RequestContext(request))

Shownig csrf verification failed in django

2 Answers2