In Django template I used:
在Django模板中,我使用:
<form action="/user" method="post">{% csrf_token %}
{{ form.as_p|safe }}
<input type="submit" value="Submit" />
</form>
But error when I change to jinja2 template engine:
但是当我更改为jinja2模板引擎时出错:
Encountered unknown tag 'csrf_token'
My question: csrf_token protection in jinja2 is required?
我的问题是:jinja2中需要csrf_token保护?
If required, how to do this?
如果需要,如何做?
Thanks in advance!
提前谢谢!
4 个解决方案
#1
30
It seems Jinja2 works differently:
看来Jinja2的工作方式不同:
Use <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> where in Django templates you use {% csrf_token %}
使用在Django模板中使用{% csrf_token %}
source : http://exyr.org/2010/Jinja-in-Django/
来源:http://exyr.org/2010/Jinja-in-Django/
#2
22
I know this is an old question, but I wanted to update it with the proper way to support the csrf_token when using the new django.template.backends.jinja2.Jinja2 available in Django 1.8+. Using the django template backend you would have called {% csrf_token %}, but using the Jinja2 backend you will call it using {{ csrf_input }} (you can get just the token value instead of the token input using {{ csrf_token }}).
我知道这是一个老问题,但我希望在使用新的django.template.backends.jinja2时,用适当的方式更新它,以支持csrf_token。Jinja2在Django 1.8+中可用。使用django模板后端,您将调用{% csrf_token %},但是使用Jinja2后端,您将使用{{{{csrf_input}}调用它(您可以使用{{{{{csrf_token}}获取令牌值,而不是令牌输入)。
You can see the details in the django.template.backends.jinja2.Jinja2 source
您可以在django.template.backends.jinja2中看到细节。Jinja2源
#3
0
I use Coffin. And have same problem when use:
我用棺材。使用时也有同样的问题:
from coffin.shortcuts import render_to_response
return render_to_response('template_name_here.html', context)
try to use instead:
尝试使用:
from coffin.shortcuts import render
return render(request, 'template_name_here.html', context)
#4
-1
I had the same problem, and what I noticed is that the CSRF context processor isn't in the list of the default loaded processors. After adding 'django.core.context_processors.csrf' to the TEMPLATE_CONTEXT_PROCESSORS in setting.py I could use the {% csrf_token %} template tag normally.
我遇到了同样的问题,我注意到CSRF上下文处理器不在默认加载处理器的列表中。添加“django.core.context_processors之后。csrf'到template_context_processor在设置中。py我可以正常使用{% csrf_token %}模板标签。
#1
30
It seems Jinja2 works differently:
看来Jinja2的工作方式不同:
Use <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> where in Django templates you use {% csrf_token %}
使用在Django模板中使用{% csrf_token %}
source : http://exyr.org/2010/Jinja-in-Django/
来源:http://exyr.org/2010/Jinja-in-Django/
#2
22
I know this is an old question, but I wanted to update it with the proper way to support the csrf_token when using the new django.template.backends.jinja2.Jinja2 available in Django 1.8+. Using the django template backend you would have called {% csrf_token %}, but using the Jinja2 backend you will call it using {{ csrf_input }} (you can get just the token value instead of the token input using {{ csrf_token }}).
我知道这是一个老问题,但我希望在使用新的django.template.backends.jinja2时,用适当的方式更新它,以支持csrf_token。Jinja2在Django 1.8+中可用。使用django模板后端,您将调用{% csrf_token %},但是使用Jinja2后端,您将使用{{{{csrf_input}}调用它(您可以使用{{{{{csrf_token}}获取令牌值,而不是令牌输入)。
You can see the details in the django.template.backends.jinja2.Jinja2 source
您可以在django.template.backends.jinja2中看到细节。Jinja2源
#3
0
I use Coffin. And have same problem when use:
我用棺材。使用时也有同样的问题:
from coffin.shortcuts import render_to_response
return render_to_response('template_name_here.html', context)
try to use instead:
尝试使用:
from coffin.shortcuts import render
return render(request, 'template_name_here.html', context)
#4
-1
I had the same problem, and what I noticed is that the CSRF context processor isn't in the list of the default loaded processors. After adding 'django.core.context_processors.csrf' to the TEMPLATE_CONTEXT_PROCESSORS in setting.py I could use the {% csrf_token %} template tag normally.
我遇到了同样的问题,我注意到CSRF上下文处理器不在默认加载处理器的列表中。添加“django.core.context_processors之后。csrf'到template_context_processor在设置中。py我可以正常使用{% csrf_token %}模板标签。