Will,

Check out the source of the canonical version of the app and the remainder of the slides from last week. POST forms in django require a csrf token in order to successfully submit. Django supplies a template tag that takes care of this:

{% csrf_token %}

There is a reference to it in the slides, and it is used in my canonical version of the djangor app here:

https://github.com/cewing/training.django_microblog

c

On Feb 18, 2013, at 6:39 PM, pwnee wrote:

Cris,

I'm submitting my attempt to get the blog up and running, but I've only been able to enter an entry manually via the shell. I had some difficulties getting POSTs to go through due to CSRF issues (see README). I imagine there's a better easier way to get this up and running hopefully I can make some updates to this and get it up and running eventually.

--Will

You can merge this Pull Request by running

git pull https://github.com/pwnee/training.python_web master
Or view, comment on, or merge it at:

#74

Commit Summary

adding client, server, and number checker files
Merge branch 'master' of github.com:cewing/training.python_web
j-archive scraper, work in progress
Merge branch 'master' of github.com:cewing/training.python_web
attempting to commit to save work
adding work in process for server
working product on localhost. there will be some trickiness when going to VM. also, need to add error checking
added image and some error handling, added some TODOs
ugly but working way to return images via WSGI, TODOs remain...
added reference to website that helped explain serving image via WSGI
tweaked html layout
updated version of wsgi server
Update assignments/week04/athome/wsgi_book_server.py
minor html tweaks
adding README
Merge branch 'master' of github.com:cewing/training.python_web
Merge branch 'master' of github.com:cewing/training.python_web
pushing code so i can pull down remotely
up and running version of flaskr blog. created by following steps from lab
added readme for editing
updated the readme via text editor
Merge branch 'master' of github.com:cewing/training.python_web
added django blog attempt
added readme:
File Changes

A assignments/week01/athome/.metadata/.lock (0)
A assignments/week01/athome/.metadata/.log (21)
A assignments/week01/athome/.metadata/.mylyn/.tasks.xml.zip (0)
A assignments/week01/athome/.metadata/.mylyn/repositories.xml.zip (0)
A assignments/week01/athome/.metadata/.mylyn/tasks.xml.zip (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.resources/.root/.indexes/history.version (1)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.resources/.root/.indexes/properties.index (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.resources/.root/.indexes/properties.version (1)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.resources/.root/1.tree (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.resources/.safetable/org.eclipse.core.resources (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/com.android.ide.eclipse.adt.prefs (4)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.core.resources.prefs (3)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.jdt.ui.prefs (14)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.mylyn.context.core.prefs (3)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.mylyn.monitor.ui.prefs (3)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.ui.ide.prefs (6)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.ui.prefs (3)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.core/invalidArchivesCache (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.core/nonChainingJarsCache (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.core/variablesAndContainers.dat (0)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.ui/OpenTypeHistory.xml (2)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.ui/QualifiedTypeNameHistory.xml (2)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.jdt.ui/dialog_settings.xml (10)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.ui.workbench/dialog_settings.xml (3)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.ui.workbench/workbench.xml (256)
A assignments/week01/athome/.metadata/.plugins/org.eclipse.ui.workbench/workingsets.xml (4)
A assignments/week01/athome/.metadata/version.ini (1)
A assignments/week01/athome/add_client.py (31)
A assignments/week01/athome/add_server.py (39)
A assignments/week01/athome/number_checker.py (34)
A assignments/week01/athome/python/.project (17)
A assignments/week01/athome/python/.pydevproject (7)
A assignments/week01/athome/python/athome/asdf.py (9)
A assignments/week01/athome/python/athome/assignment.txt (15)
A assignments/week01/athome/python/athome/get_hints_and_context.py (29)
A assignments/week01/athome/python/athome/get_jarchive.py (124)
A assignments/week01/athome/python/athome/jparty.html (1463)
A assignments/week01/athome/python/athome/play_jeopary_with_hints.py (89)
A assignments/week01/athome/python/lab/bs_jarchive.py (83)
A assignments/week01/athome/python/lab/echo_server.py (25)
A assignments/week01/athome/python/lab/http_serve1.py (27)
A assignments/week01/athome/python/lab/http_serve2.py (39)
A assignments/week01/athome/python/lab/http_serve3.py (158)
A assignments/week01/athome/python/lab/jarchive.py (45)
A assignments/week01/athome/python/lab/tiny_html.html (11)
A assignments/week01/athome/python/lab/web/a_web_page.html (11)
A assignments/week01/athome/python/lab/web/images/JPEG_example.jpg (0)
A assignments/week01/athome/python/lab/web/images/Sample_Scene_Balls.jpg (0)
A assignments/week01/athome/python/lab/web/images/sample_1.png (0)
A assignments/week01/athome/python/lab/web/make_time.py (25)
A assignments/week01/athome/python/lab/web/sample.txt (3)
M assignments/week01/lab/echo_client.py (13)
M assignments/week01/lab/echo_server.py (21)
A assignments/week02/lab/class2.py (37)
A assignments/week02/lab/http_serve1.py (27)
A assignments/week02/lab/http_serve2.py (39)
A assignments/week02/lab/http_serve3.py (64)
A assignments/week02/lab/http_serve4.py (71)
A assignments/week03/athome/asdf.py (9)
A assignments/week03/athome/final.html (65)
A assignments/week03/athome/get_j-archive.py (45)
A assignments/week03/athome/jparty.html (1463)
A assignments/week03/athome/scraper.py (89)
A assignments/week04/athome/README.txt (9)
M assignments/week04/athome/assignment.txt (1)
A assignments/week04/athome/book_html.py (45)
M assignments/week04/athome/bookdb.py (1)
A assignments/week04/athome/bookdb_wsgi_server.py (155)
A assignments/week04/athome/bookdb_wsgi_server_PIL_NEEDED.py (155)
A assignments/week04/athome/example.py (75)
A assignments/week04/athome/wsgi_book_server.py (72)
A assignments/week04/athome/wsgi_book_server_no_image.py (172)
A assignments/week04/lab/cgi-bin/lab1_cgi.py (41)
M assignments/week04/lab/src/lab2_wsgi_template.py (2)
A assignments/week05/athome/cherry_app.py (48)
A assignments/week05/athome/cherry_app_tests.py.py (26)
A assignments/week05/athome/schema.sql (6)
A assignments/week05/athome/templates/index.html (16)
A assignments/week05/athome/venv/Scripts/activate (80)
A assignments/week05/athome/venv/Scripts/activate.bat (26)
A assignments/week05/athome/venv/Scripts/activate.ps1 (148)
A assignments/week05/athome/venv/Scripts/activate_this.py (34)
A assignments/week05/athome/venv/Scripts/cherryd (109)
A assignments/week05/athome/venv/Scripts/deactivate.bat (18)
A assignments/week05/athome/venv/Scripts/easy_install-2.7-script.py (9)
A assignments/week05/athome/venv/Scripts/easy_install-2.7.exe (0)
A assignments/week05/athome/venv/Scripts/easy_install-2.7.exe.manifest (17)
A assignments/week05/athome/venv/Scripts/easy_install-script.py (9)
A assignments/week05/athome/venv/Scripts/easy_install.exe (0)
A assignments/week05/athome/venv/Scripts/easy_install.exe.manifest (17)
A assignments/week05/athome/venv/Scripts/pip-2.7-script.py (9)
A assignments/week05/athome/venv/Scripts/pip-2.7.exe (0)
A assignments/week05/athome/venv/Scripts/pip-2.7.exe.manifest (17)
A assignments/week05/athome/venv/Scripts/pip-script.py (9)
A assignments/week05/athome/venv/Scripts/pip.exe (0)
A assignments/week05/athome/venv/Scripts/pip.exe.manifest (17)
A assignments/week05/athome/venv/Scripts/python.exe (0)
A assignments/week05/athome/venv/Scripts/pythonw.exe (0)
A assignments/week05/lab/flaskr_1/README.txt (5)
M assignments/week05/lab/flaskr_1/flaskr.py (95)
M assignments/week05/lab/flaskr_1/flaskr_tests.py (110)
M assignments/week05/lab/flaskr_1/schema.sql (6)
A assignments/week05/lab/flaskr_1/static/style.css (17)
A assignments/week05/lab/flaskr_1/templates/layout.html (22)
A assignments/week05/lab/flaskr_1/templates/login.html (22)
A assignments/week05/lab/flaskr_1/templates/show_entries.html (30)
A assignments/week05/lab/venv/Scripts/activate (80)
A assignments/week05/lab/venv/Scripts/activate.bat (26)
A assignments/week05/lab/venv/Scripts/activate.ps1 (148)
A assignments/week05/lab/venv/Scripts/activate_this.py (34)
A assignments/week05/lab/venv/Scripts/deactivate.bat (18)
A assignments/week05/lab/venv/Scripts/easy_install-2.7-script.py (9)
A assignments/week05/lab/venv/Scripts/easy_install-2.7.exe (0)
A assignments/week05/lab/venv/Scripts/easy_install-2.7.exe.manifest (17)
A assignments/week05/lab/venv/Scripts/easy_install-script.py (9)
A assignments/week05/lab/venv/Scripts/easy_install.exe (0)
A assignments/week05/lab/venv/Scripts/easy_install.exe.manifest (17)
A assignments/week05/lab/venv/Scripts/pip-2.7-script.py (9)
A assignments/week05/lab/venv/Scripts/pip-2.7.exe (0)
A assignments/week05/lab/venv/Scripts/pip-2.7.exe.manifest (17)
A assignments/week05/lab/venv/Scripts/pip-script.py (9)
A assignments/week05/lab/venv/Scripts/pip.exe (0)
A assignments/week05/lab/venv/Scripts/pip.exe.manifest (17)
A assignments/week05/lab/venv/Scripts/python.exe (0)
A assignments/week05/lab/venv/Scripts/pythonw.exe (0)
A assignments/week06/athome/blog_djang/README.txt (19)
A assignments/week06/athome/blog_djang/microblog/blog/init.py (0)
A assignments/week06/athome/blog_djang/microblog/blog/admin.py (4)
A assignments/week06/athome/blog_djang/microblog/blog/models.py (20)
A assignments/week06/athome/blog_djang/microblog/blog/templates/about.html (11)
A assignments/week06/athome/blog_djang/microblog/blog/templates/add_entry.html (16)
A assignments/week06/athome/blog_djang/microblog/blog/templates/blog.html (39)
A assignments/week06/athome/blog_djang/microblog/blog/templates/entry.html (17)
A assignments/week06/athome/blog_djang/microblog/blog/tests.py (16)
A assignments/week06/athome/blog_djang/microblog/blog/views.py (48)
A assignments/week06/athome/blog_djang/microblog/manage.py (10)
A assignments/week06/athome/blog_djang/microblog/microblog.db (0)
A assignments/week06/athome/blog_djang/microblog/microblog/init.py (0)
A assignments/week06/athome/blog_djang/microblog/microblog/settings.py (152)
A assignments/week06/athome/blog_djang/microblog/microblog/urls.py (22)
A assignments/week06/athome/blog_djang/microblog/microblog/wsgi.py (28)
A assignments/week06/athome/blog_djang/venv/Scripts/activate (80)
A assignments/week06/athome/blog_djang/venv/Scripts/activate.bat (26)
A assignments/week06/athome/blog_djang/venv/Scripts/activate.ps1 (148)
A assignments/week06/athome/blog_djang/venv/Scripts/activate_this.py (34)
A assignments/week06/athome/blog_djang/venv/Scripts/deactivate.bat (18)
A assignments/week06/athome/blog_djang/venv/Scripts/django-admin.py (5)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install-2.7-script.py (9)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install-2.7.exe (0)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install-2.7.exe.manifest (17)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install-script.py (9)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install.exe (0)
A assignments/week06/athome/blog_djang/venv/Scripts/easy_install.exe.manifest (17)
A assignments/week06/athome/blog_djang/venv/Scripts/pip-2.7-script.py (9)
A assignments/week06/athome/blog_djang/venv/Scripts/pip-2.7.exe (0)
A assignments/week06/athome/blog_djang/venv/Scripts/pip-2.7.exe.manifest (17)
A assignments/week06/athome/blog_djang/venv/Scripts/pip-script.py (9)
A assignments/week06/athome/blog_djang/venv/Scripts/pip.exe (0)
A assignments/week06/athome/blog_djang/venv/Scripts/pip.exe.manifest (17)
A assignments/week06/athome/blog_djang/venv/Scripts/python.exe (0)
A assignments/week06/athome/blog_djang/venv/Scripts/pythonw.exe (0)
Patch Links:

https://github.com/cewing/training.python_web/pull/74.patch
https://github.com/cewing/training.python_web/pull/74.diff

Cris Ewing

Principal, Cris Ewing, Developer LLC
http://www.crisewing.com
[email protected]
1.206.724.2112

So, I looked this over more carefully just now and I can see that you did have the {% csrf_token %} template tag in your form. As it turns out that was not the only problem, though.

Here's what is going on. The view you built to render the list of the blog entries (which is also the view that contains the form for adding a new entry, and where the csrf_token template tag is used) is built like so:

return HttpResponse(template.render(context))

While this is a perfectly valid way to render a template back to an http response, it does not include a RequestContext as the error message suggests it needs. Because of this, although you have the csrf_token tag in your template it does not render and there is no token in your form when it is submitted.

I've re-written the view as follows:

def blog_index(request):
    latest_blog_posts = BlogPost.objects.order_by('pub_date')
    context = Context({
        'latest_blog_posts': latest_blog_posts,
        })
    return render_to_response('blog.html', 
                              context,
                              context_instance=RequestContext(request))

This will render a form in the blog.html template that does include the csrf token, and then when you submit it you'll start hitting the errors in your add_entry view.

An even more up-to-date way of doing this same thing would be to use the render shortcut, which always includes a RequestContext:

def blog_index(request):
    latest_blog_posts = BlogPost.objects.order_by('pub_date')
    context = Context({
        'latest_blog_posts': latest_blog_posts,
        })
    return render('blog.html', context)

Hope this gets you un-stuck

Cris