add csrf tokens

[vjs22334]

we need to include csrf tokens to all forms

[vjs22334]

@pkkp86nitd have you finished this?

[ash1969]

@pkkp86nitd Was this done?

[pkkp86nitd]

Tokens were already added there in all the forms .
We need to find out why CsrfMiddleware was giving error ( #'django.middleware.csrf.CsrfViewMiddleware', this is commented at line 52 in settings.py ).

[harshitsurana]

@moinak878: (Possible scenarios where getting an error)
If we uncomment django.middleware.csrf.CsrfViewMiddleware in settings.py and register a new user, error (Forbidden (CSRF token missing or incorrect.): /profile/register/username_check) is thrown while making an AJAX call.
Need to find how we can pass csrf token with data in the AJAX call.

[moinak878]

@harshitsurana I found the following two methods to be working :-

1. Remove django.middleware.csrf.CsrfViewMiddleware from settings.py and add @csrf_protect before the view

@csrf_protect
def user_register(request):
    if request.user.is_authenticated :
        id=request.user.id
        return HttpResponseRedirect(reverse('user_profile:view_profile', args=(id,)))
    form = SignUpForm(request.POST or None)
    if request.method == 'POST': .....
 

2. Let django.middleware.csrf.CsrfViewMiddleware be present in settings.py and add the header : {'X-CSRFToken': csrftoken} , in the AJAX call

$("#id_username").keyup(function (event) {
      var res = $(this).serialize()
      $.ajax({
        method: "POST",
        url: "/profile/register/username_check",
        headers : {'X-CSRFToken': csrftoken},
        data: res,
        success: function (data) {.....