django-csrf

within my django app I am storing strings of html in the db that will then be displayed on the users' home pages as "messages". Some of these messages contain forms, but not being written in the template language, I am not able to insert the csrf token (thus breaking the app). Is there a way to insert this token directly from within the python files i'm editing? i'm looking for something along the lines of: csrf_token = django.csrf.generate() message = "press the button please: <form><input type='hidden' name='csrf_token' value='%s'><input type='submit' value='press here'></form>" % (csrf

I'm writing a site using REST API. I use django with piston at backend (also using corsheaders.middleware.CorsMiddleware with CORS_ORIGIN_ALLOW_ALL = True). And I use backbone.js for frontend. I'm sending POST request from client-side and get error: CSRF verification failed. Request aborted. I've googled a lot and all solutions suggested something like "Use the render shortcut which adds RequestContext automatically". But I have no view, forms will be requested from frontend, that shouldn't know about how backend works. Here's code of my scipt Question = Backbone.Model.extend({ urlRoot: 'http:

When I submit my form, it doesn't post the form data and just reloads the form. It was working beforehand but I'm not sure what I've changed that doesn't make it work anymore. Posting the data through the admin still works fine. The only 'error' message I can see is in the terminal: which can be seen here It sends a get request instead of a post request as well. I've also tested it with removing the JS and bootstrap CDNs but the issue is still the same. My code is below: Here is my views.py def create(request): if request.method == 'POST': form = EventCreateForm(request.POST, request.FILES) if

I'm doing wiki in django tutorial and in tutorial earlier version of django is used where csrf token is not compulsory. I've added {% csrf_token %} to the form, however I'm not sure what to do in the views. Please help. Here's the form: <form method = "POST" action="/wikicamp/{{ page_name }}/save/">{% csrf_token %} <textarea name = "content" rows="20" cols="60">{{ content }}</textarea><br/> <input type="submit" value="Save Page"/> </form> views.py: def view_page(request, page_name): try: page = Page.objects.get(pk=page_name) except Page.DoesNotExist: return render_to_response("create.html", {

I'm really stuck. Here's what I'm trying to do. KEEP CSRF On. - please don't tell me to turn it off. I have an API app run by Django and Django Rest Framework I have a frontend app run by Vue I have installed django-cors-headers to manage CORS Everything works great localy. As soon as I move it to production, I start getting CSRF errors. Here's how everything works. I've seen answers all over that have said everything from turning off CSRF to allowing all for all the things. I want to do this right and not just shut things off and open everything up and end up with a security hole. So, here's