Django CSRF Framework having many failures

Question

I\'m getting many failures from the CSRF Django middleware on my site (the version from SVN trunk.) The only errors I get are: CSRF failure: reason=CSRF token missing or incorr

Answer 1

I really struggled to get it right, but eventually did. Here were my main issues (Django 1.2 beta):

1. Make sure your middleware stuff is right, according to the version of Django that you are using. This is well covered in Django's literature online.
2. Make sure that you have the {% csrf_token %} in each form,just following the opening tag for the form
3. This was my main problem, make sure that all your forms have an go-to page, i.e. don't do action="" in your form.

4. Make sure that your settings emails are all the right ones. I had to do something like this:

   EMAIL_HOST='mail.my-domain.com' EMAIL_HOST_USER='my user name on the server' EMAIL_HOST_PASSWORD='passwd' EMAIL_PORT= '26' # often seems to be 25 or 26 on many of the forum posts I read DEFAULT_FROM_EMAIL='noreply@domain.com' # on hosted domains, make sure it is set up and sending SERVER_EMAIL = 'noreply@domain.com' # Same email as above

   5. Add the request_context to the end of your render_to_response

   return render_to_response('contact.htm',{'favicon':r'____.ico', 'more_stuff':"......" 'more_stuff':"......" 'more_stuff':"......" }, context_instance = RequestContext(request))

Make sure you have:

TEMPLATE_CONTEXT_PROCESSORS = (
     "django.contrib.auth.context_processors.csrf",
     .....
   )

in your settings.py file.

Note that this is really not a how to, this is just what I did to get mine working. The reason for posting it now is that I see so many people on forums discussing this topic resort to just turning the csrf_token off.