Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Form Submission after Errors throws CSRF Forbidden #40

Open
tulpn opened this issue Nov 20, 2016 · 3 comments
Open

Form Submission after Errors throws CSRF Forbidden #40

tulpn opened this issue Nov 20, 2016 · 3 comments

Comments

@tulpn
Copy link

tulpn commented Nov 20, 2016

I have followed the instructions for this module, and the CSRF tokens seem to work. I have a custom SessionEngine and I can see that the csrf_token is correctly bound to a session.

However, when I submit a form purposely with false data and the form returns with an error, the user is not able to correct their input and submit the form again. On second submit the user receives a CSRF Forbidden message.

I am using django's render() method in my views. So it should take care of all the CSRF for the request/context. Is there anything else that I need to take care of?
@tulpn
Copy link
Author

tulpn commented Nov 20, 2016

Ok, it seems that context.update(csrf(request)) caused this issue.

@glogiotatidis
Copy link
Contributor

Hi @tulpn

Ok, it seems that context.update(csrf(request)) caused this issue.

Does this mean that it works for you now? I'd directly request and render the token in the template using {% csrf_token %}

@tulpn
Copy link
Author

tulpn commented Nov 21, 2016

Yes, it does work. I was also using the {% csrf_token %} tag in my templates.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@glogiotatidis @tulpn