How to csrf_token protection in jinja2 template engine?

django csrf jinja2
nguyên picture nguyên · Oct 21, 2011 · Viewed 9.7k times · Source

In Django template I used:

<form action="/user" method="post">{% csrf_token %}
    {{ form.as_p|safe }}
    <input type="submit" value="Submit" />
</form>

But error when I change to jinja2 template engine:

 Encountered unknown tag 'csrf_token'

My question: csrf_token protection in jinja2 is required?

If required, how to do this?

Thanks in advance!

Answer

Guillaume Cisco picture Guillaume Cisco · Oct 21, 2011

It seems Jinja2 works differently:

Use <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> where in Django templates you use {% csrf_token %}

source : http://exyr.org/2010/Jinja-in-Django/

Related questions

Django CSRF check failing with an Ajax POST request

I could use some help complying with Django's CSRF protection mechanism via my AJAX post. I've followed the directions here: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/ I've copied the AJAX sample code they have on that page …

Read More
CSRF verification failed. Request aborted

I try to build a very simple website where one can add data into sqlite3 database. I have a POST form with two text input. index.html: {% if top_list %} <ul> <b><pre>Name …

Read More
Django Rest Framework remove csrf

I know that there are answers regarding Django Rest Framework, but I couldn't find a solution to my problem. I have an application which has authentication and some functionality. I added a new app to it, which uses Django Rest …

Read More