What is the new version of csrf in Django 1.10

I'm following a tutorial and getting a TypeError with this line:

c.update(csrf(request))

This is the full view

from django.shortcuts import render
from django.views.decorators import csrf

def index(request):
    c = {} #dictionary called c
    c.update(csrf(request))
    return render(request, 'login/index.html', c)

Am I doing an old version of something that has changed? Did I import csrf incorrectly? I'm running the newest version of Django.


Best Answer

The TypeError is because you have imported the csrf decorator instead of the context processor. It should be.

from django.core.context_processors import csrf

However, you don't need to manually include the csrf token when you use the render shortcut. It automatically renders the template with a request context that includes the csrf token.

def index(request):
    c = {}  # dictionary called c
    return render(request, 'login/index.html', c)

The render shortcut was introduced in Django 1.3, so there has been no need to call csrf(request) in the view for years (even before Django 1.3 it was probably easier to use render_to_response with RequestContext). Unfortunately, this example remained in the docs up to Django 1.8, so it's a lot more common than it should be.