I'm getting the following error on the console: `WARNING [django.request] Forbidden (CSRF token missing or incorrect.)`

This is the image when debug=True: enter image description here

This is working at times and not working sometimes. It's totally random, no pattern found. I've tried all the suggestions provided on other posts like: render_to_response..

Alasdair
abheist
  • Can you please share the code causing the error? Do you have {% csrf_token %} (assuming you are posting a form somehow)? – Gokhan Sari Mar 28 '18 at 15:58
  • You say "This is working at times and not working sometimes" - it could be the [CSRF cookie rotation](https://stackoverflow.com/questions/33882819/csrf-token-missing-or-invalid-django/33883340#33883340) that is confusing you. If that's not the issue, we can't help because you haven't included any code in your question. – Alasdair Mar 28 '18 at 16:17
  • @GökhanSarı, yes I've included the {% csrf_token %} in the code – abheist Mar 28 '18 at 16:24
  • Hi @Alasdair, is there any way to stop the rotation of tokens? – abheist Mar 28 '18 at 16:25
  • As mentioned [in the faq](https://docs.djangoproject.com/en/2.0/ref/csrf/#why-might-a-user-encounter-a-csrf-validation-failure-after-logging-in), the rotation is done for security reasons so you shouldn't try to disable it. In practice, you're more likely to come across the error in development when you have multiple tabs open, compared to in production where users will normally have a single tab open. – Alasdair Mar 28 '18 at 16:32
  • ok, thanks @Alasdair – abheist Mar 28 '18 at 16:33
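
The multiple-tab failure described in the comments above, as an added example that is not code from the question or from Django: a simplified pure-Python model in which a masked form token is checked against a cookie secret and login rotates that secret. The `Browser` class, the function names and the 32-character secret length are assumptions made for illustration.

```python
import secrets
import string

CHARS = string.ascii_letters + string.digits  # alphabet for secrets and salts
SECRET_LEN = 32                               # assumed length for this model

def new_secret():
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))

def mask(secret):
    """Return salt + cipher, so every rendered form carries a different token."""
    salt = new_secret()
    cipher = "".join(CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
                     for s, k in zip(secret, salt))
    return salt + cipher

def unmask(token):
    salt, cipher = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(k)) % len(CHARS)]
                   for c, k in zip(cipher, salt))

class Browser:
    """Hypothetical model: one cookie jar shared by every tab."""
    def __init__(self):
        self.csrf_cookie = new_secret()

    def render_form(self):
        # Stands in for what {% csrf_token %} embeds when a tab loads the page.
        return mask(self.csrf_cookie)

    def login(self):
        # Rotation at login: the cookie now holds a fresh secret.
        self.csrf_cookie = new_secret()

    def post(self, form_token):
        # Server-side check: the form token must unmask to the cookie's secret.
        well_formed = (len(form_token) == 2 * SECRET_LEN
                       and all(ch in CHARS for ch in form_token))
        if not well_formed:
            return 403
        ok = secrets.compare_digest(unmask(form_token), self.csrf_cookie)
        return 200 if ok else 403

def two_tab_scenario():
    browser = Browser()
    tab_a = browser.render_form()
    tab_b = browser.render_form()          # second tab, loaded before login
    before = (browser.post(tab_a), browser.post(tab_b))
    browser.login()                        # logging in via tab A rotates the cookie
    stale = browser.post(tab_b)            # tab B still submits the old token
    reloaded = browser.post(browser.render_form())
    return before, stale, reloaded
```

The stale tab gets a 403 until it is reloaded, which looks random from the user's side because it depends on which tab was open before the login.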

0 Answers