How to csrf_token protection in jinja2 template engine?

It seems Jinja2 works differently:

Use <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> where in Django templates you use {% csrf_token %}

source : http://exyr.org/2010/Jinja-in-Django/

in django 2.x with jinja2 templates engine you get the value of the token with {{ csrf_token }} and the complete hidden input tag with {{ csrf_input }}

source: https://django.readthedocs.io/en/2.1.x/ref/csrf.html

example:

<form action="..." method="post">
  {{ csrf_input }}

   ...
</form>

I know this is an old question, but I wanted to update it with the proper way to support the csrf_token when using the new django.template.backends.jinja2.Jinja2 available in Django 1.8+. Using the django template backend you would have called {% csrf_token %}, but using the Jinja2 backend you will call it using {{ csrf_input }} (you can get just the token value instead of the token input using {{ csrf_token }}).

You can see the details in the django.template.backends.jinja2.Jinja2 source

How to csrf_token protection in jinja2 template engine?

Tags:

Django

Jinja2

Csrf

Related

Recent Posts