Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » Forbidden (403) - CSRF verification failed. Request aborted. [RSS Feed]

#1 Dec. 17, 2010 15:17:17

h.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Forbidden (403) - CSRF verification failed. Request aborted.


I have pretty much completed the intro. tutorial for django. I'm now
trying to add some actual updating screens to the existing site, to
experiment and also to try to figure out more how everything works.
I'm currently trying to code an "addpoll" screen which I've coded to
look like this:

<h1>Add Poll Screen</h1>

{% if error_message %}<p><strong>{{ error_message }}</strong></p>{%
endif %}

<form action="/polls/addpoll/" method = "post">
{% csrf_token %}
<strong>QUESTION: </strong>
<input nsme="question" type=text size=75 maxlength=70
value="please enter poll question text here">

<input type="submit" value="addpoll" />

</form>

I'm able to display the above screen just fine, but when I click the
"addpoll" button I get the 403 error listed above. I have currently
coded the view that I'm trying to post to like this:

def addpoll(request):
dctnry = {'error_message': 'No new poll data added'}
return render_to_response('polls/addpoll.html', dctnry,

context_instance=RequestContext(request))

just to see if I can get and informational error message to be
displayed on the screen. So can someone explain what's wrong with my
addpoll view and/or the screen code above? I also need to figure out
how to extract the screen data out of the request, in my views. I'd
very much appreciate any help in trying to figure this out. Thanks.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 Dec. 17, 2010 17:21:41

Daniel R.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Forbidden (403) - CSRF verification failed. Request aborted.


It's not just the view that processes the form that needs RequestContext - the
one that generates it does too. Normally these are the same view, but it looks
from your code that you are posting to a different view. Perhaps you could show
the code of the other one and we'll see what is wrong with it.
--
DR

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#3 Dec. 20, 2010 09:27:20

Daniel R.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Forbidden (403) - CSRF verification failed. Request aborted.


On 17 December 2010 19:46, hank23 <hversem...@stchas.edu> wrote:
> Thanks for the note. Below is the screen code again which I've changed
> a little, plus the two views which deal with it. Let me know if you
> need anything else. Here's the screen code:
>
> <h1>Add Poll Question Screen</h1>
>
> {% if error_message %}<p><strong>{{ error_message }}</strong></p>{%
> endif %}
>
> <form action="/polls/addpoll/" method = "post">{% csrf_token %}
>
> <strong>QUESTION: </strong>
> <input nsme="question" type=text size=75 maxlength=70
> value="please enter poll question text here">
> <br /><br />
> <input type="submit" value="addpoll" />
>
> </form>
>
> Here's the code to display the screen initially:
>
> @csrf_protect
> def addnewpoll(request):
> p = get_list_or_404(Poll)
> dctnry = {}
> pollcount = 0
> for item in p:
> pollcount = pollcount + 1
> dctnry = pollcount
> return render_to_response('polls/addpoll.html', dctnry,
>
> context_instance=RequestContext(request))
>
> Here's the code of the view to receive the request after the addpoll
> button on the screen is clicked:
>
> @csrf_protect
> def addpoll(request):
> dctnry = {}
> dctnry = "No new poll data added"
> return render_to_response('polls/addpoll.html', dctnry,
>
> context_instance=RequestContext(request))
>
> This last block of code I just wanted to display an error messge on
> the screen the first time so I knew itwas receiving the request ok.
> How would I extract the question text from the textbox on the screen/
> request if I wanted to in this view, so that I could take it an create
> a new poll object? The documentation on django is good but sometimes
> pieces of information seem to be missing so that its difficult to
> figure how everything works. More examples with complete coding and
> more detailed explanations would help in some instances. Thanks in
> advance for the help.
>

This sort of user interaction is usually best done with Django forms. Look
at the documentation for standard forms here:http://docs.djangoproject.com/en/1.2/topics/forms/The forms framework will handle form creation, display and validation.
There's also a specific ModelForm class, which abstracts form creation based
on a model and creating model instances based on the POSTed values, see
here:http://docs.djangoproject.com/en/1.2/topics/forms/modelforms/Note specifically the "Using a form in a view" section of that first link,
which shows the standard pattern of handling both the initial form request
and the processing of the submitted data in the same view, rather than
separate views for each. Also, you shouldn't need to specifically decorate
your views with @csrf_protect: since version 1.2, CSRF protection is always
on by default.

To answer your specific question on how to get access to POSTed values, you
can always use request.POST - see the request documentation
here:http://docs.djangoproject.com/en/1.2/ref/request-response/But as I say above, you're better off using the forms framework in this
situation.

One final point: your code above to get the count of Polls in your database
is very inefficient. You can do in one go:
Poll.objects.all().count()
which simply sends a SELECT COUNT(*) to the database.
--
DR.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » Forbidden (403) - CSRF verification failed. Request aborted. [RSS Feed]

Board footer

Moderator control

Enjoy the 12th of December
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support