53๐
It seems Jinja2 works differently:
Use <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}">
where in Django templates you use {% csrf_token %}
36๐
I know this is an old question, but I wanted to update it with the proper way to support the csrf_token when using the new django.template.backends.jinja2.Jinja2 available in Django 1.8+. Using the django template backend you would have called {% csrf_token %}, but using the Jinja2 backend you will call it using {{ csrf_input }} (you can get just the token value instead of the token input using {{ csrf_token }}).
You can see the details in the django.template.backends.jinja2.Jinja2 source
- [Django]-Passing arguments to model methods in Django templates
- [Django]-Custom Filter in Django Admin on Django 1.3 or below
- [Django]-How to create password input field in django
2๐
in django 2.x with jinja2 templates engine you get the value of the token with {{ csrf_token }} and the complete hidden input tag with {{ csrf_input }}
source: https://django.readthedocs.io/en/2.1.x/ref/csrf.html
example:
<form action="..." method="post">
{{ csrf_input }}
...
</form>
- [Django]-Change a Django form field to a hidden field
- [Django]-How to redirect with post data (Django)
- [Django]-Django: Validate file type of uploaded file
0๐
I use Coffin.
And have same problem when use:
from coffin.shortcuts import render_to_response
return render_to_response('template_name_here.html', context)
try to use instead:
from coffin.shortcuts import render
return render(request, 'template_name_here.html', context)
- [Django]-Localized date strftime in Django view
- [Django]-How to query as GROUP BY in Django?
- [Django]-Command not found: django-admin.py
0๐
You donโt need to do anything special anymore. csrf_token is supported in django-jinja and works out of the box.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8"/>
<title>test</title>
</head>
<body>
<p>This should add a hidden input tag with the token. use it in your forms</p>
{% csrf_token %}
</body>
</html>
- [Django]-Python: Getting the error message of an exception
- [Django]-Django serve static index.html with view at '/' url
- [Django]-Making a Django form class with a dynamic number of fields
0๐
This peace of JS code can fix this, it will work for both Django and Jinja2,
because it is pure javaScript handling for post method form tags, you can customize it by explore it friends
Iโm just getting the CSRF token from cookies which already always exist and use it in form tags
let getCookie = (name) => {
var cookieValue = null;
if (document.cookie && document.cookie !== '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i].trim();
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) === (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
$(()=>{
formTags = document.querySelectorAll('[method="POST"]')
let csrfToken = getCookie('csrftoken')
Array.from(formTags).forEach(formTag=>{
var inputTag = document.createElement('input')
inputTag.setAttribute('type', 'hidden')
inputTag.setAttribute('name', 'csrfmiddlewaretoken')
inputTag.setAttribute('value', [csrfToken])
formTag.appendChild(inputTag)
})
})
- [Django]-What does "'tests' module incorrectly imported" mean?
- [Django]-Override a form in Django admin
- [Django]-TextField missing in django.forms
-1๐
I had the same problem, and what I noticed is that the CSRF context processor isnโt in the list of the default loaded processors. After adding 'django.core.context_processors.csrf' to the TEMPLATE_CONTEXT_PROCESSORS in setting.py I could use the {% csrf_token %} template tag normally.
- [Django]-How can I run a celery periodic task from the shell manually?
- [Django]-How to modify Django admin filter's title
- [Django]-UnicodeEncodeError: 'ascii' codec can't encode character