
Update chapter07.rst #17

Merged
merged 3 commits into from

2 participants

@Lapin-Blanc

For the example to work, you have to use {% csrf_token %} and additional imports in views.py

@jacobian
Owner

See my comment on #18.

@Lapin-Blanc

Sorry, I didn't see it... I'll have a look at what you ask... Are the additional imports valid?

@jacobian
Owner

Yup, those look fine.

Lapin-Blanc and others added some commits
@Lapin-Blanc Lapin-Blanc Update chapter07.rst
For the example to work, you have to use {% csrf_token %} and additional imports in views.py
26d38a4
Fabien Added short documentation about csrf_token
This is the first time csrf_token is used in the book, the short
explanation comes from the django tutorial, part 4, as my English is
kind of weak...
035db6d
Fabien Added link to relevant chapters 524d7f9
@jacobian jacobian merged commit b67215a into from
@jacobian jacobian referenced this pull request
Closed

Update chapter07.rst #18

Commits on Dec 4, 2012
  1. @Lapin-Blanc

    Update chapter07.rst

    Lapin-Blanc authored unknown committed
    For the example to work, you have to use {% csrf_token %} and additional imports in views.py
Commits on Dec 5, 2012
  1. Added short documentation about csrf_token

    Fabien authored
    This is the first time csrf_token is used in the book, the short
    explanation comes from the django tutorial, part 4, as my English is
    kind of weak...
  2. Added link to relevant chapters

    Fabien authored
Showing with 11 additions and 0 deletions.
  1. +11 −0 chapter07.rst
11 chapter07.rst
@@ -959,6 +959,8 @@ Here's how we can rewrite ``contact()`` to use the forms framework::
from django.shortcuts import render
from mysite.contact.forms import ContactForm
+ from django.http import HttpResponseRedirect
+ from django.core.mail import send_mail
def contact(request):
if request.method == 'POST':
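Review bot: the two new imports land after the project-local `from mysite.contact.forms import ContactForm` line; grouping them with the `from django.shortcuts import render` import above it keeps framework imports together and the local import last, matching the rest of the listing. The hunk's context also does not reach the part of `contact()` that calls `HttpResponseRedirect` and `send_mail`, so confirm those calls are present in the rewritten view, otherwise both imports are unused.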
@@ -995,6 +997,7 @@ Here's how we can rewrite ``contact()`` to use the forms framework::
<table>
{{ form.as_table }}
</table>
+ {% csrf_token %}
<input type="submit" value="Submit">
</form>
</body>
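Review bot: `{% csrf_token %}` sits inside the `<form>` element (after the table, before `</form>`), which is the only placement that works, since a hidden field outside the form is never submitted. The tag only emits a token when the template is rendered with a RequestContext; the listing's `django.shortcuts.render` (context of the first hunk) supplies one, and a sentence saying so would spare readers who use `render_to_response` without `context_instance=RequestContext(request)` from debugging an empty field and 403 responses on every POST.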
@@ -1006,6 +1009,14 @@ Look at how much cruft we've been able to remove! Django's forms framework
handles the HTML display, the validation, data cleanup and form
redisplay-with-errors.
+Since we're creating a POST form (which can have the effect of modifying data),
+we need to worry about Cross Site Request Forgeries. Thankfully, you don't have
+to worry too hard, because Django comes with a very easy-to-use system for
+protecting against it. In short, all POST forms that are targeted at internal
+URLs should use the ``{% csrf_token %}`` template tag. More details about
+``{% csrf_token %}`` can be found in :doc:`chapter16` and :doc:`chapter20`.
+
+
Try running this locally. Load the form, submit it with none of the fields
filled out, submit it with an invalid e-mail address, then finally submit it
with valid data. (Of course, depending on your mail-server configuration, you
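Review bot: the added paragraph ends with two blank `+` lines where the surrounding reST uses a single blank line between paragraphs; drop one. "Cross Site Request Forgeries" would read better as "cross-site request forgery (CSRF)" so the acronym is spelled out once and the reader connects it to the ``{% csrf_token %}`` tag. The new ``:doc:`chapter16``` and ``:doc:`chapter20``` references will break the Sphinx build if either document is missing from the toctree, so confirm both targets exist.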