3

I'm trying to build a Django webapp to test the functionalities of a Forex Converter I installed with pip. I created an application with django-startapp Converter and routed the url /convert to the view convert_view().

This is my views.py file:

from django.shortcuts import render

from forex_python.converter import CurrencyRates

# Create your views here.

def convert_view(request):
    if request.method == "POST":
        c = CurrencyRates()
        print(c.convert('EUR', 'RON', request.POST.get('eur')))
    context = {}
    return render(request, "convert.html", context)

Also, because my view returns a template convert.html, I created a form there. This is my convert.html:

{% csrf_token %}

<form action="." method="POST">
    <input type="text" name="eur" placeholder="EUR">
    <input type="submit">
</form>

As you can see, just a simple page that has a form inside it, redirects to the same page and uses POST to send the data. It also uses the {% csrf_token %} tag, so there shouldn't be any problems.

When I navigate to /convert everything works fine. I type in the amount of money I like to convert from EUR to RON, but when I send the POST request, I get redirected to an error page, telling me:

CSRF token missing or incorrect.

I read another article on Stack Overflow about not using request as a parameter in the render() function, but I'm doing it.

What is wrong? What can I do to fix this error? Thank you.

Mario Mateaș
  • `{% csrf_token %}` needs to be inside the `<form>` tag. See the page source code - `{% csrf_token %}` generates an `<input>` and if you don't put this input in the form, then the value is not getting sent.
    – yedpodtrzitko Sep 19 '21 at 05:51
  • @yedpodtrzitko Thank you so much! That's actually my first time working with Django and didn't know about this. Could you put this in a proper answer, so I can mark it as correct? – Mario Mateaș Sep 19 '21 at 05:53

4 Answers

4

Please put {% csrf_token %} inside the <form> tag. This will solve the issue.

Shamir Imtiaz

2

{% csrf_token %} should be inside the form tag, like this:

<form action="." method="POST">
    {% csrf_token %}
    <input type="text" name="eur" placeholder="EUR">
    <input type="submit">
</form>

The reason behind that is that {% csrf_token %} is rendered like this, and in order for the input to be submitted along with the form, it needs to be inside the form element.

<input type="hidden" name="csrfmiddlewaretoken" value="0gdrskkUXOTenFZOWxhzQPZWavohLKrEaOm0aKj8KzOfeLFah9PihEdYG24Fl4F7">

1

You need to put {% csrf_token %} inside the <form> tag like this:

<form action="." method="POST">
    {% csrf_token %}
    <input type="text" name="eur" placeholder="EUR">
    <input type="submit">
</form>

1

There is an error in your form file: your csrf_token is expected to be inside your <form> tag because Django is expecting it with the form data to certify that what you are sending is safe. Try this:

<form action="." method="POST">
    {% csrf_token %}
    <input type="text" name="eur" placeholder="EUR">
    <input type="submit">
</form>

It will work that way.

samkayz
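
A template check for the mistake discussed on this page, as an added example that is not part of any post above: it uses Python's standard `html.parser` to flag POST forms that have no `{% csrf_token %}` inside them and to count tags placed outside any form. The names `CsrfFormAudit` and `audit_template` are hypothetical; the two sample templates are the question's original and the answers' fix.

```python
import re
from html.parser import HTMLParser

CSRF_TAG = re.compile(r"\{%\s*csrf_token\s*%\}")

class CsrfFormAudit(HTMLParser):
    """Record each POST form and whether {% csrf_token %} sits inside it."""

    def __init__(self):
        super().__init__()
        self.post_forms = []   # one dict per POST form: line, has_token
        self.stray_tokens = 0  # csrf_token tags found outside every <form>
        self._current = None   # the form being parsed, if any

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            method = (dict(attrs).get("method") or "get").lower()
            self._current = {"line": self.getpos()[0], "has_token": False,
                             "post": method == "post"}

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current["post"]:
                self.post_forms.append(self._current)
            self._current = None

    def handle_data(self, data):
        # Django template tags are not HTML, so the parser passes them as text.
        hits = len(CSRF_TAG.findall(data))
        if hits and self._current is not None:
            self._current["has_token"] = True
        elif hits:
            self.stray_tokens += hits

def audit_template(source):
    """Return (POST forms lacking the token, tokens outside any form)."""
    parser = CsrfFormAudit()
    parser.feed(source)
    parser.close()
    return [f for f in parser.post_forms if not f["has_token"]], parser.stray_tokens

# Sample input: the template from the question and the corrected one.
FIELDS = '    <input type="text" name="eur" placeholder="EUR">\n    <input type="submit">\n'
QUESTION_TEMPLATE = '{% csrf_token %}\n\n<form action="." method="POST">\n' + FIELDS + "</form>\n"
FIXED_TEMPLATE = '<form action="." method="POST">\n    {% csrf_token %}\n' + FIELDS + "</form>\n"

if __name__ == "__main__":
    print(audit_template(QUESTION_TEMPLATE), audit_template(FIXED_TEMPLATE))
```

The check reads only the template text it is given, so a token supplied through `{% include %}` or a parent template is not seen.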