1
Just make sure to include {% csrf_token %} to your form in your template and it will be ok, e.g:
<form action="." method="post" class="login-form">
{% csrf_token %}
<input type="submit" value="Log in" />
</form>
0
Oops, figured out my mistake. Remove this line:
c.update(csrf(request))
and it works!
Happy holidays 
- Cannot resolve keyword 'XXX' into field
- Validating a Django field dependently on context
- Custom middleware doesn't redirect
- Model shows last for loop image
- How can I store and read a Python list of Django model objects from and to the session?
0
The view decorator requires_csrf_token can be used to ensure the template tag does work.
from django.views.decorators.csrf import requires_csrf_token
from django.shortcuts import render
@requires_csrf_token
def login(request):
c = {}
return render_to_response('login.html', c)
Refer to document:
https://docs.djangoproject.com/en/1.10/ref/csrf/#django.views.decorators.csrf.requires_csrf_token
0
You should use render() instead of render_to_response(). render() will call your context processors, including the one that adds the csrf token to the context:
from django.shortcuts import render
def login(request):
return render(request, 'login.html', c)
Then you can simply use {% csrf_token %} inside the form in your template.
It is generally always recommended to use render() over render_to_response():
This function preceded the introduction of render() and works similarly except that it doesn’t make the request available in the response. It’s not recommended and is likely to be deprecated in the future.