Django causing 403 forbidden error when i add csrf middleware

Question

When I add CSRF middleware django.middleware.csrf.CsrfViewMiddleware to prevent xss csrf attack I am getting error response 403 csrf error.

I referred to the official doc and old Stack Overflow answers but still I didn't get any idea why it causing error.
I read from Django official doc if I added csrf middleware it will take care all csrf validation in every views by default.
Along with this I have used some decorators too to ensure security like @login_required and @csrf_protect
I have added django.middleware.csrf.CsrfViewMiddleware as a first entry before common middleware in Middleware class, is it because of that?

submission , my app contains a button. when i submit button it occurred. @ThomasJiang — skysoft999, Sep 26 '18 at 12:26
The [Django CSRF docs](https://docs.djangoproject.com/en/2.1/ref/csrf/) cover how to use it. We can't help you because you haven't shown the full error, or the code (url/view/template) that triggers it. — Alasdair, Sep 26 '18 at 12:29

score 1 · Answer 1 · answered Sep 26 '18 at 12:28

1

a form with CSRF in Django should look something like this:

<form method="POST" ...>
    {% csrf_token %}
...
</form>

More info here

answered Sep 26 '18 at 12:28

Thomas Jiang

Is it because of order ? 'csrf middleware' class ? i have added as 1st entry in csrf clases(settings.py) – skysoft999 Sep 26 '18 at 14:18

1 Answers1