python - CSRF verification failure for single form with two models -


working django, have model foo foreign key model bar. when create foo object on site, want able set attributes of bar object in same form.

i'm able set view , template use these 2 models in same form. however, when go submit form, 403 forbidden error saying:

csrf token missing or incorrect.

i have {% csrf_token %} tag in form, i'm not sure how fix this. have ideas?

in views.py:

def foo_add(request):     if request.method == "post":         fooform = fooform(request.post, instance=foo())         barform = barform(request.post, instance=bar())         if fooform.is_valid() , barform.is_valid():             foo = fooform.save()             bar = barform.save()             return httpresponseredirect('/foos/add')     else:         fooform = fooform(instance=foo())         barform = barform(instance=bar())     return render_to_response(         'foo_app/foo_add.html',          {'foo_form': fooform, 'bar_form': barform}     )

foo_add.html:

{% extends "foo_app/__base.html" %} {% load bootstrap3 %}   {% block content %}      <form action="" method="post">{% csrf_token %}         {% bootstrap_form foo_form layout='inline' %}         {% bootstrap_form var_form layout='inline' %}         {% buttons %}             <button type="submit" class="btn btn-primary">                 {% bootstrap_icon "star" %} save foo             </button>         {% endbuttons %}     </form>  {% endblock %}

edit: i'm not asking how create form 2 models. i'm pretty sure form getting created correctly , information getting passed expected. i'm asking why 403 error after have filled out form , submitted it.

here generated html looks like:

<form action="" method="post">   <div class="form-group">     <label class="sr-only" for="id_foo-a">a</label>     <input class="form-control" id="id_foo-a" name="foo-a"             placeholder="a" required="required" title="" type="text" />   </div>   <div class="form-group">     <label class="sr-only" for="id_bar-b">b</label>     <input class="form-control" id="id_bar-b" min="0" name="bar-b"             placeholder="b" required="required" title="" type="number" />   </div>   <div class="form-group">     <button type="submit" class="btn btn-primary">       <span class="glyphicon glyphicon-star"></span> save foo     </button>   </div> </form>

use render shortcut instead of render_to_response. ensures template rendered request, allows csrf_token tag work.

from django.shortcuts import render  def foo_add(request):     ...     return render(         request,         'foo_app/foo_add.html',          {'foo_form': fooform, 'bar_form': barform},     )

Comments

Post a Comment