Error in Django 1.10.5 - previously working

[tulpn]

Hi there,

I have been using the django-session-csrf successfully for quite some time. But recently I have received an error in my login page:

UserWarning: A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.

I have the exact setup as described in the readme.

I am using a FBV for the login with the @anonymous_csrf decorator.

@anonymous_csrf
def login_solo(request):
    if request.user.is_authenticated():
        return redirect('/')

    context = {}
    if request.GET.get('next'):
        next_url = request.GET.get('next', "")
        context.update({'next': next_url})

    form = LoginForm(request.POST or None)
    if request.POST:
        if form.is_valid():
            email = form.cleaned_data['email']
            password = form.cleaned_data['password']
            if email and password:
                user = authenticate(email=email, password=password)
                if user is not None:
                    if user.has_fa_enabled():
                        request.session['user_id'] = user.id
                        return redirect(reverse("login_tfa"))
                    else:
                        login(request, user)
                        if user.language is not None:
                            set_user_language(request, user.language.lang_code)
                        render(request, 'login/login_success.html', context)
                else:
                    message = log_failed_login_attempt(request, email)
                    if message != "":
                        messages.error(request, message)

    context.update({'form': form})
    return render(request, 'login/login_solo.html', context)

When I successfully login I like to redirect, which did not work anymore, so my current test code is as above. The line

render(request, 'login/login_success.html', context)

Throws the error and I am presented with a CSRF Failure view.

In my template I am using

{% csrf_token %}

From my setttings.py:

TEMPLATES = [....
'OPTIONS': {
            'context_processors': [
                'django.contrib.auth.context_processors.auth',
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.template.context_processors.i18n',
                'django.template.context_processors.media',
                'django.template.context_processors.static',
                'django.template.context_processors.tz',
                'django.contrib.messages.context_processors.messages',
                'session_csrf.context_processor',
...


MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'session_csrf.CsrfMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
....
...

I currently run the app via runserver on localhost and proxy via gunicorn.

[tulpn]

I assume that this project is going to discontinue once 1.11 stable is out due to the introduction of the session setting for csrfs. But in the meantime is it possible to have a look? bump

[moggers87]

@tulpn can you check the value of {{ csrf_token }} in the template?