Questions tagged [django-csrf]

django-csrf is the Cross-Site Request Forgery (CSRF) protection middleware for Django.

The description that follows is of the original CsrfMiddleware (Django 1.1 and earlier), which rewrote outgoing responses, not requests: it added a hidden field named 'csrfmiddlewaretoken' to every POST form in a response associated with a session, with a value that was a hash of the session ID plus the SECRET_KEY. Since Django 1.2 the protection is django.middleware.csrf.CsrfViewMiddleware, which stores a random token in the 'csrftoken' cookie; the template tag {% csrf_token %} emits the matching hidden field (it needs the request in the template context, so render() or a RequestContext rather than a bare render_to_response() or HttpResponse), and AJAX clients send the same value in the X-CSRFToken header.

CsrfViewMiddleware checks every incoming request whose method is not GET, HEAD, OPTIONS or TRACE, unless the view is decorated with @csrf_exempt. The 'csrftoken' cookie must be present (a token sent only in the header is rejected with "CSRF cookie not set"), the token from the 'csrfmiddlewaretoken' form field or the X-CSRFToken header must match it ("CSRF token missing or incorrect" otherwise), and over HTTPS the Referer header must also be present and name the site's own origin ("Referer checking failed"). Any failure is answered with a 403 before the view runs.
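The check described above, and the client behaviour that satisfies it, as an added simulation written for this page (not Django's own code). Request, Server and the scenario functions are stand-ins for HttpRequest, CsrfViewMiddleware and a browser or script; two simplifications are assumptions of the model: the form token is compared directly with the cookie value (Django 1.10 and later mask it first), and the Referer must match the Host header exactly (Django also consults the cookie domain and CSRF_TRUSTED_ORIGINS). The host names are made up; the reason strings are the ones Django's 403 page reports and the scenarios reproduce the failures asked about in the questions below: a header without a cookie, a cross-site form, and a missing or foreign Referer over HTTPS.

```python
"""Simulation of Django's CSRF check (added example, not Django's code)."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
REASON_NO_CSRF_COOKIE = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."
REASON_NO_REFERER = "Referer checking failed - no Referer."
REASON_BAD_REFERER = "Referer checking failed - {} does not match {}."


@dataclass
class Request:
    method: str
    host: str                                  # Host header, e.g. "mysite.example"
    secure: bool = False                       # served over HTTPS
    cookies: dict = field(default_factory=dict)
    post: dict = field(default_factory=dict)   # parsed form body
    headers: dict = field(default_factory=dict)
    csrf_exempt: bool = False                  # view wrapped in @csrf_exempt


def csrf_check(req: Request) -> Optional[str]:
    """None if the request may proceed, otherwise the 403 reason.

    Same order as CsrfViewMiddleware.process_view: exempt views and safe methods
    pass; over HTTPS the Referer must be same-origin; the csrftoken cookie must
    exist; the token from the form field, or from X-CSRFToken for AJAX/PUT/DELETE,
    must match the cookie (compared in constant time)."""
    if req.csrf_exempt or req.method in SAFE_METHODS:
        return None
    if req.secure:
        referer = req.headers.get("Referer")
        if not referer:
            return REASON_NO_REFERER
        r = urlparse(referer)
        if r.scheme != "https" or r.netloc != req.host:
            return REASON_BAD_REFERER.format(referer, f"https://{req.host}/")
    cookie_token = req.cookies.get("csrftoken")
    if cookie_token is None:
        return REASON_NO_CSRF_COOKIE        # header alone is never enough
    request_token = req.post.get("csrfmiddlewaretoken", "")
    if request_token == "":
        request_token = req.headers.get("X-CSRFToken", "")
    if not hmac.compare_digest(cookie_token.encode(), request_token.encode()):
        return REASON_BAD_TOKEN
    return None


class Server:
    """Runs the check and sets a fresh csrftoken on responses that lack one."""

    def __init__(self, host: str, secure: bool = False):
        self.host, self.secure = host, secure

    def handle(self, method, cookies, post=None, headers=None, exempt=False):
        req = Request(method, self.host, self.secure, dict(cookies),
                      post or {}, headers or {}, exempt)
        reason = csrf_check(req)
        if reason is not None:
            return 403, reason, {}
        set_cookie = {} if "csrftoken" in cookies else {"csrftoken": secrets.token_hex(16)}
        return 200, "OK", set_cookie


def fetch_page(server):
    """GET first: the browser (or script) stores the csrftoken cookie it is given."""
    jar = {}
    _, _, set_cookie = server.handle("GET", jar)
    jar.update(set_cookie)
    return jar


def form_exchange(server):
    """Same-origin form: {% csrf_token %} renders the cookie value as a hidden field."""
    jar = fetch_page(server)
    scheme = "https" if server.secure else "http"
    return server.handle("POST", jar, post={"csrfmiddlewaretoken": jar["csrftoken"]},
                         headers={"Referer": f"{scheme}://{server.host}/form/"})


def ajax_exchange(server, send_cookie=True):
    """jQuery/Angular style: read csrftoken from the cookie, send it as X-CSRFToken.
    send_cookie=False reproduces the header-without-cookie mistake."""
    jar = fetch_page(server)
    return server.handle("PUT", jar if send_cookie else {},
                         headers={"X-CSRFToken": jar["csrftoken"]})


def forged_post(server, victim_jar):
    """Cross-site form on evil.example (constructed): the browser attaches the
    victim's cookie, but the attacker cannot read it and must guess the token."""
    return server.handle("POST", victim_jar, post={"csrfmiddlewaretoken": "guess"},
                         headers={"Referer": "http://evil.example/"})


if __name__ == "__main__":
    http, tls = Server("mysite.example"), Server("mysite.c9.io", secure=True)
    victim = fetch_page(http)
    for name, result in [("form", form_exchange(http)), ("ajax", ajax_exchange(http)),
                         ("ajax, no cookie", ajax_exchange(http, send_cookie=False)),
                         ("forged over http", forged_post(http, victim)),
                         ("forged over https", forged_post(tls, victim))]:
        print(f"{name:18} -> {result[0]} {result[1]}")
```

The point of the three-message shape (GET, then the state-changing request echoing the cookie value) is that a script talking to a Django site from outside a browser does not need @csrf_exempt: it only has to keep the cookie jar and copy csrftoken into the form field or the X-CSRFToken header, exactly as a browser page does.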

618 questions
3
votes
2 answers

Django - 403 Forbidden. CSRF token missing or incorrect

I am trying to add a ModelForm for my model, but every POST attempt ends with "403 Forbidden. CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect". I have no render_to_response() method, so I can't fix this…
John Doe
  • 59
  • 1
  • 4
3
votes
1 answer

Django Rest Framework + AngularJS: Correct way for CSRF Protection?

Without Django Rest Framework, I used to create forms / POST requests like so:
{% csrf_token %} ...
but I started using Django Rest Framework and AngularJS on the frontend and I…
SilentDev
  • 20,997
  • 28
  • 111
  • 214
3
votes
1 answer

Multiple Django sites on the same domain - CSRF fails

I have two applications running on the same domain on different ports, both using csrf middleware. When I log in to one of the applications, all POST submits from the other fail. I presume because the SESSION_COOKIE_DOMAIN is the same. I tried…
Diko Parvanov
  • 33
  • 1
  • 5
3
votes
1 answer

Cloud9's Django out of the box: Admin page CSRF :443 error

Cloud9's Django out of the box gives a CSRF error when I attempt to log in to the admin page. Reason given is: - Forbidden (403) - CSRF verification failed. Request aborted. - Referer checking failed - https://mysite.c9.io/admin/login/?next=/admin/…
eff M
  • 31
  • 1
3
votes
2 answers

Django 1.6 HTTP_X_CSRFTOKEN header ignored if csrf cookie is missing

I have AJAX code which makes POST requests to a Django 1.6.4 application. The view has CSRF protection enabled via the django.middleware.csrf.CsrfViewMiddleware. If I do not pass a cookie but do pass the HTTP_X_CSRFTOKEN, it fails. I am looking at…
Krystian Cybulski
  • 10,789
  • 12
  • 67
  • 98
3
votes
1 answer

CSRF Error Django ajax .post with no form

There are a lot of Stack Overflow questions on this topic that I have been going through, and I have not found what I'm looking for, but I apologize if this is a repeat of another question. My problem is that I believe I have set up CSRF cookies…
johnmic07
  • 1,225
  • 2
  • 10
  • 14
3
votes
1 answer

Why do I get CSRF Error while doing a jQuery Ajax PUT from website? Works fine from command line.

I have created a Django-Rest-Framework API that allows me to successfully run a PUT request via the command line as such: % curl -X PUT -u myUser:myPassword http://127.0.0.1:3001/api/myEndpoint/64/ {"id": 64, "myAttr1": "Blah1", "myAttr2":…
Saqib Ali
  • 11,931
  • 41
  • 133
  • 272
3
votes
1 answer

CORS, Ajax, and CSRF

The CSRF prevention support in a django application sends CSRF tokens down to a client via a cookie, and accepts CSRF tokens from the client in either a header (X-CSRFToken) or a cookie. This works fine for non-CORS, non-AJAX web applications. But…
eswenson
  • 745
  • 1
  • 9
  • 25
3
votes
1 answer

csrf_exempt not working with django auth

I am making the backend for a mobile app and using Django with Userena for the user management. I made the sign in and sign up using Django REST framework and everything works fine. The only thing I need to do now is to implement the "forget…
kahlo
  • 2,314
  • 3
  • 28
  • 37
3
votes
2 answers

Bypassing Django CSRF Protection using external POST Request

I have a Python program that needs to be able to send data to my website (built with Django). This data will then be taken and displayed on a certain part of the website. The problem I'm having is that the CSRF protection built into Django blocks…
user2755159
  • 31
  • 1
  • 2
3
votes
1 answer

How do I modify the file upload handlers in a class based View with CSRF middleware?

In my Django project I will have to modify the tuple of file upload handlers "on the fly" as documented, to have the ability to modify the file stream as it is being uploaded. I need this "on the fly", because I have to provide the handler some data…
gertvdijk
  • 24,056
  • 6
  • 41
  • 67
3
votes
1 answer

CSRF Protection in Django 1.4

I am trying to learn django by working through "The Django Book", and I'm having a problem with CSRF protection. I've found lots of suggestions here, but none seem to work for me. Using Chrome I get the message: CSRF token missing or…
saulspatz
  • 5,011
  • 5
  • 36
  • 47
3
votes
2 answers

CSRF token missing or incorrect even though I have {% csrf_token %} but I use HttpResponse

form.html
{% csrf_token %}

Bàn Chân Trần
  • 1,890
  • 2
  • 21
  • 24
2
votes
1 answer

Django's comments framework and CSRF

I understand that Django's comments framework was designed for anonymous public comments like you commonly see below a blog or an article. In other words, anyone can post comments. I am using the comments framework for only allowing logged in…
hobbes3
  • 28,078
  • 24
  • 87
  • 116
2
votes
1 answer

django: render versus render_to_response and its relation to csrf_token

I have usually been using render_to_response for my view functions in django. However, recently, I have been trying to use more of the render method (https://docs.djangoproject.com/en/dev/topics/http/shortcuts/#render) which as I understand here…
Calvin Cheng
  • 35,640
  • 39
  • 116
  • 167