Within my Django app I am storing strings of HTML in the DB that will then be displayed on the users' home pages as "messages". Some of these messages contain forms, but not
The accepted answer assumes that the token is already set in the request object.
Maybe something like this is better:
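
    from django.middleware import csrf

    def get_or_create_csrf_token(request):
        # Reuse the token already attached to this request, if there is one.
        token = request.META.get('CSRF_COOKIE', None)
        if token is None:
            # No token yet: generate one and attach it to the request.
            token = csrf._get_new_csrf_key()
            request.META['CSRF_COOKIE'] = token
        # Mark the token as used so the middleware sends the CSRF cookie.
        request.META['CSRF_COOKIE_USED'] = True
        return token
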
The way to use it is to use it directly in the templates.
From the documentation:

    <form action="" method="post">
    {% csrf_token %}

is all you have to include.
Call django.middleware.csrf.get_token(request)
to get the CSRF token.