Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Fixed #12095 - login and other contrib views failing if template rend…

…ered using inclusion tag.

The {% csrf_token %} tag is unable to get its value if a template is
rendered using an inclusion_tag, since that creates a brand new Context,
rather than using the existing one.  Since this is a common pattern, and we
need CSRF protection to be as simple and easy as possible, we special case
the csrf_token and copy it from the parent context to the new context.

A more elegant and general solution may appear in future, but this is good
enough for now.

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 4281bf3 commit 43c2ed0eb3f9996539f03e4ad68a08534023659a @spookylukey spookylukey committed
Showing with 8 additions and 2 deletions.
  1. +8 −2 django/template/
10 django/template/
@@ -942,8 +942,14 @@ def render(self, context):
t = get_template(file_name)
self.nodelist = t.nodelist
- return self.nodelist.render(context_class(dict,
- autoescape=context.autoescape))
+ new_context = context_class(dict, autoescape=context.autoescape)
+ # Copy across the CSRF token, if present, because inclusion
+ # tags are often used for forms, and we need instructions
+ # for using CSRF protection to be as simple as possible.
+ csrf_token = context.get('csrf_token', None)
+ if csrf_token is not None:
+ new_context['csrf_token'] = csrf_token
+ return self.nodelist.render(new_context)
compile_func = curry(generic_tag_compiler, params, defaults, getattr(func, "_decorated_function", func).__name__, InclusionNode)
compile_func.__doc__ = func.__doc__

0 comments on commit 43c2ed0

Please sign in to comment.
Something went wrong with that request. Please try again.