1

I'm getting this error when submit: 

CSRF verification failed. Request aborted.

I've got this far following the documentation, but I don't fully understand it and it's definitely wrong. I just want to take a query word from my search box(form) and pass it to a python script as an argument. I'm new to Django and getting stuck on the easiest things.

In models.py:

class QueryForm(forms.Form):
    query = forms.CharField(label='query',max_length=100)

I added this line to my urls.py

url(r'^results/$', 'tweemo.views.results'),

On my homepage where my search box is I have this code for my form:

<form action="/home/results/" method="post">
    <label for="query">Search:</label>
    <input id="query" type="text" name="query" value="{{ current_query }}">
    <input type="submit" value="ok">
</form>

In views.py I added these two functions:

def get_query(request):
    if request.method == 'POST':
        form = QueryForm(request.POST)
        if form.isvalid():
             return HttpResponseRedirect('/thanks/')
    else:
         form = QueryForm()
    return render(request, 'results.html', {'form': form})

def results(request):
    return render_to_response('results.html',{'here':TwitterStream.objects.all() })

MY results.html contains just this:

<form action="/home/results/" method="post">
    {% csrf_token %}
    {{ form }}
    <input type="submit" value="Submit"/>
</form>
Improve this question
1
  • You need a {% csrf_token %} like this... <form ...>{% csrf_token %} Another thing - It is not a good idea to serve /search requests as a POST. The reason being the use can bookmark the link, etc.. if it is a GET request (ease of use.) Commented Jul 5, 2014 at 2:25

2 Answers 2

Reset to default
2

You must just add the {% csrf_token %} tag inside EVERY <form></form> tag which has method to be post in your template.

So the below markup should be corrected:

<form action="/home/results/" method="post">
    {% csrf_token %}
    <label for="query">Search:</label>
    <input id="query" type="text" name="query" value="{{ current_query }}">
    <input type="submit" value="ok">
</form>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks,but that didn't fix it actually.
So, I want to ask, which page and which form did you submit from that leads to the error? What's the method attribute of that form? The CSRF verification error only occurs when the form was submitted with post method and doesn't have the 'csrf_token' field. @COOLBEANS
1

Well the problem is that you are not passing the csrf token to the form , you need to pass the csrf token to the render function in order for it to be applied in the form . To accomplish this you need to associate the csrf token to the request.

def get_query(request):
    if request.method == 'POST':
        form = QueryForm(request.POST)
        if form.isvalid():
             return HttpResponseRedirect('/thanks/')
    else:
         form = QueryForm()
    args = {}
    args.update(csrf(request))
    args['form'] = form
    return render_to_response('results.html', args)

def results(request):
    return render_to_response('results.html',{'here':TwitterStream.objects.all() })
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.