django-bootstrap-form

Rendering csrfmiddlewaretoken in forms

Open troygrosfield opened this issue 11 years ago • 1 comments

Currently, form rendering doesn't add the CSRF token when rendering forms if you have Django's CsrfViewMiddleware installed. It's kind of a pain in the butt to have to add that to every single form you want rendered. Why not check for installed apps and if CsrfViewMiddleware is installed, add the csrf_token by default since this will likely be the desired behavior? Then if you wanted, you could also create a form renderer that explicitly doesn't include the CSRF hidden field when you don't want the CSRF token:

{{ my_form|bootstrap_csrf_exempt }}

I don't mind doing the pull request for this, I just want to know why we wouldn't want to do this if there is a reason. What are other people's thoughts?

troygrosfield avatar Nov 10 '13 17:11 troygrosfield

Unfortunately, this wasn't quite as easy as I might have hoped. Another path I went down was trying to make the rendering more Django-like with the "as_p", "as_table", etc. by doing:

from django.utils.safestring import mark_safe

from bootstrapform.templatetags.bootstrap import bootstrap
from bootstrapform.templatetags.bootstrap import bootstrap_horizontal


class BootstrapFormMixin(object):

    def as_bootstrap(self):
        # TODO: add CSRF here.
        x = bootstrap(self).strip()
        return mark_safe(x)

    def as_bootstrap_horizontal(self):
        # TODO: add CSRF here.
        x = bootstrap_horizontal(self).strip()
        return mark_safe(x)

Then, in your templates you could just call:

{{ form.as_bootstrap }}

or

{{ form.as_bootstrap_horizontal }}

However, you don't have access to the csrf_token at that point. If you did, you could just add it to the form before rendering to HTML.

troygrosfield avatar Nov 11 '13 13:11 troygrosfield