On Thu, Nov 4, 2010 at 5:31 PM, octopusgrabbus
<[email protected]> wrote:
> Thanks.
> I did both what you said (modified form to have csrf tag)
>
> <form action="." method="post">{% csrf_token %}
>
> and made sure the csrf includes were correct. I was missing one.
>
> MIDDLEWARE_CLASSES = (
> 'django.middleware.common.CommonMiddleware',
> 'django.contrib.sessions.middleware.SessionMiddleware',
> 'django.middleware.csrf.CsrfViewMiddleware',
> 'django.middleware.csrf.CsrfResponseMiddleware',
> 'django.contrib.auth.middleware.AuthenticationMiddleware',
> 'django.contrib.messages.middleware.MessageMiddleware',
> )
>
django.middleware.csrf.CsrfResponseMiddleware is deprecated and should
only be needed if your site is deficient in adding {% csrf_token %} to
all forms that post internally.
In fact, you should get a lovely warning message each time you start
your server reminding you of the fact.
If you add the tokens correctly, you do not require
django.middleware.csrf.CsrfResponseMiddleware.
Cheers
Tom
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
