Rendering csrfmiddlewaretoken in forms

[troygrosfield]

Currently, form rendering doesn't add the csrf token when rendering forms if you have django's CsrfViewMiddleware installed. It's kind of a pain in the butt to have to add that to every single form you want rendered. Why not check for installed apps and if CsrfViewMiddleware is installed, add the csrf_token by default since this will likely be the desired behavior? Then if you wanted, you could also create a form renderer that explicitly doesn't include the csrf hidden field when you don't want the csrf token:

{{ my_form|bootstrap_csrf_exempt }}

I don't mind doing the pull request for this, I just want to know why we wouldn't want to do this if there is a reason. What are other people's thoughts?

[troygrosfield]

Unfortunately, this wasn't quite as easy as I might have hoped. Another path I went down was trying to make the rendering more django like with the "as_p", "as_table", etc by doing:

from django.utils.safestring import mark_safe

from bootstrapform.templatetags.bootstrap import bootstrap
from bootstrapform.templatetags.bootstrap import bootstrap_horizontal


class BootstrapFormMixin(object):

    def as_bootstrap(self):
        # TODO: add CSRF here.
        x = bootstrap(self).strip()
        return mark_safe(x)

    def as_bootstrap_horizontal(self):
        # TODO: add CSRF here.
        x = bootstrap_horizontal(self).strip()
        return mark_safe(x)

Then, in your templates you could just call:

{{ form.as_bootstrap }}

or

{{ form.as_bootstrap_horizontal }}

However, you don't have access to the csrf_token at that point. If you did, you could just add it to the form before rendering to html.