dynamic csrf_token in htmx

anjanesh · July 13, 2023, 11:56am

In my views.py :

def addContact(request):
    if request.method == 'POST':
        return render(request, 'partials/contact-form-post.html')
    return render(request, 'partials/contact-form.html')

My contact form parent page has this :

<form hx-post="{% url 'contact_form' %}" hx-target="this" hx-swap="innerHTML">
    {% csrf_token %}
    {% include "../partials/contact-form.html" %}
</form>

partials/contact-form-post.html :

Contact Added - 
<button type="button" hx-get="{% url 'contact_form' %}">Add Another</button>

This works only 1.5 times - because the second time I try to POST (add contact) the {% csrf_token %} is invalid - so how do I solve this ?

KenWhitesell · July 13, 2023, 12:03pm

It’s invalid because the hx-target is going to replace the entire innerHTML content of the form tag, which includes the csrf_token.

If you examine your html in the browser before and after the first POST, I think you’ll find that the csrf_token has been deleted.

anjanesh · July 13, 2023, 12:08pm

I’ve now placed <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> into contact-form.html

KenWhitesell · July 13, 2023, 12:25pm

That’s one way to do it.

You could also continue to use the {% csrf_token %} tag, or, what we do, is create an inner div or span to serve as the target for the htmx swap.

Topic		Replies	Views
Saving a Model won't work with HTMX Using Django	8	1740	December 5, 2021
setting csrf token in front-end framework forms (such as react forms) Forms & APIs	1	2728	January 13, 2023
Forbidden csrf token missing Forms & APIs	4	1397	May 17, 2023
Django forms with htmx increase the number of requests Forms & APIs	6	923	May 2, 2023
send views.py request.POST with JavaScript Forms & APIs	8	2998	August 22, 2023

dynamic csrf_token in htmx

Related Topics