Possible Duplicate:
CSRF Protection in Django 1.4
I am trying to make a simple system for ticket reservation for rockets using Django. However, every time I try to reserve a ticket, I get the Forbidden 403 error: CSRF token missing or incorrect.
Here is my code:
models.py:
    from django.db import models


    class Tickets(models.Model):
        # One row per reservation; 'Rockets' is the model for the rocket line
        rocket_line = models.ForeignKey('Rockets')
        date = models.DateField()
        number_of_seats = models.IntegerField()
        email = models.CharField(max_length=50)
        ordered_on = models.DateTimeField()
        total_price = models.DecimalField(max_digits=10, decimal_places=2)

        def __unicode__(self):
            return str(self.id)
views.py:
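    from datetime import datetime

    from django.http import HttpResponseRedirect
    from django.shortcuts import render_to_response
    from django.template import RequestContext

    from .models import Rockets, Tickets  # assumes models.py sits in the same app


    def order(request):
        if request.method == 'POST':
            # Look the rocket up once and reuse it for the price calculation
            rocket = Rockets.objects.get(id=request.POST['rocket_line'])
            number_of_seats = request.POST['number_of_seats']
            order = Tickets(
                rocket_line=rocket,
                date=request.POST['date'],
                number_of_seats=number_of_seats,
                email=request.POST['email'],
                ordered_on=datetime.now(),
                total_price=float(number_of_seats) * float(rocket.rprice),
            )
            order.save()
            return HttpResponseRedirect('/menu/')
        else:
            all_rockets = Rockets.objects.all().order_by('rtime')
            # RequestContext runs the context processors, including the one that
            # makes the CSRF token available to the template
            return render_to_response('order.html', {'all_rockets': all_rockets}, RequestContext(request))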
order.html:
    <h1>You can order a ticket here:</h1>
    <form action="/order/" method="post">
        <p>
            <label>Rocket_line</label>
            <select name="rocket_line">
                {% for rocket in all_rockets %}
                    <option value="{{ rocket.id }}">{{ rocket }}</option>
                {% endfor %}
            </select>
            <label>Date</label>
            <input name="date" value="YYYY-MM-DD" type="text" size="10" />
            <label>Number of seats</label>
            <input name="number_of_seats" value="" type="text" size="10" />
            <label>E-mail</label>
            <input name="email" value="@" type="text" size="50" />
            <br /><br />
            <input class="button" value="Order" type="submit" />
        </p>
    </form>
    <br />
Could you help me work out where the problem might be?
Taken from the almighty Django’s docs:
Step 1:
Step 2:
That {% csrf_token %} is all you need to add to your template.
There are other solutions around (decorators or AJAX-based), but this one is the fastest and most used (I think, at least… it requires no hassle whatsoever to implement).
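Why the form in the question gets a 403 and the same form with {% csrf_token %} does not, as an added example that is not part of the original answer and is not Django's own code. It is a simplified standard-library model of the cookie-versus-hidden-field comparison; `csrftoken` and `csrfmiddlewaretoken` are Django's default names, while the function names and the trimmed sample forms are constructed for illustration.

```python
import hmac
import re
import secrets

CSRF_COOKIE = "csrftoken"           # Django's default CSRF cookie name
CSRF_FIELD = "csrfmiddlewaretoken"  # hidden field that {% csrf_token %} emits

# Constructed sample templates: the question's form, trimmed to one field.
FORM_WITHOUT_TAG = '<form action="/order/" method="post"><input name="email" /></form>'
FORM_WITH_TAG = ('<form action="/order/" method="post">{% csrf_token %}'
                 '<input name="email" /></form>')

def render(template, token):
    """Expand {% csrf_token %} into the hidden input carrying the token."""
    hidden = '<input type="hidden" name="%s" value="%s" />' % (CSRF_FIELD, token)
    return template.replace("{% csrf_token %}", hidden)

def browser_post(html, typed_fields):
    """POST data a browser would send: hidden inputs in the page plus typed values."""
    data = dict(re.findall(r'type="hidden" name="([^"]+)" value="([^"]*)"', html))
    data.update(typed_fields)
    return data

def csrf_check(method, cookies, post):
    """Status the simplified middleware returns for this request."""
    if method in ("GET", "HEAD", "OPTIONS", "TRACE"):
        return 200  # safe methods are not checked
    cookie, sent = cookies.get(CSRF_COOKIE, ""), post.get(CSRF_FIELD, "")
    if not cookie or not sent or not hmac.compare_digest(cookie, sent):
        return 403  # "CSRF token missing or incorrect"
    return 200

def demo():
    token = secrets.token_hex(16)
    cookies = {CSRF_COOKIE: token}  # set by the server on the earlier GET
    typed = {"email": "user@example.com"}
    return {
        "form_without_tag": csrf_check(
            "POST", cookies, browser_post(render(FORM_WITHOUT_TAG, token), typed)),
        "form_with_tag": csrf_check(
            "POST", cookies, browser_post(render(FORM_WITH_TAG, token), typed)),
        # A page on another origin cannot read the cookie, so its field is wrong.
        "wrong_token": csrf_check("POST", cookies, dict(typed, csrfmiddlewaretoken="0" * 32)),
    }

if __name__ == "__main__":
    print(demo())
```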