Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The CSRF middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field to all 'POST' forms, with the name 'csrfmiddlewaretoken' and a value that is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set, checks that the 'csrfmiddlewaretoken' is present and correct, and if it isn't, throws a 403 error.

618 questions
8 votes, 3 answers

Why is Django admin login giving me 403 CSRF error?

I am running Django 1.2.2 and I get the following error when I try to log in to the Django admin: Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: No CSRF or session cookie. I have made NO customization to…
thomallen
8 votes, 1 answer

Django: POST form requires CSRF? GET doesn't?

Are forms that use the POST method required to have CSRF protection? I'm following a book and the code examples throw 403 errors. I did some searching and it seems as if I need to enable CSRF in all my forms. My questions are: Does Django now…
cp3
8 votes, 1 answer

How to retrieve/provide a CSRF token to/from Django as an API

I'm working on a project that uses the Django REST Framework as a backend (let's say at api.somecompany.com) but has a React.js frontend (at www.somecompany.com) not served by Django that makes AJAX requests. I can't, therefore, use Django's…
jimbofreedman
8 votes, 1 answer

Test CSRF Verification with Django Rest Framework

I'm using Django Rest Framework 3 and would like to test the CSRF verification. First, I initialize the DRF APIClient: client = APIClient(enforce_csrf_checks=True) Then I set a password on a user so I can log in and get a…
Danilo Bargen
8 votes, 3 answers

python-requests and django - CSRF verification failed. Request aborted

I have a django server to upload files and when I use a browser, I can upload the file without problems. But if I use the python-requests commands, it tells me CSRF verification failed. Request aborted. The python-requests code is as follows: #…
user2040597
8 votes, 6 answers

Why doesn't Django's CSRF work over HTTPS?

I have a Django website at http://example.com that works fine, including post requests. I've added HTTPS so my site is accessible at https://example.com too. I can load any page on HTTPS, but I always get CSRF validation errors when I try to POST.…
Wilfred Hughes
8 votes, 3 answers

Passing csrf token to Stripe

I am using stripe.js for stripe payments. I need to set up a callback webhook to receive the request from stripe. Since the webhook is posted to by stripe - I have marked it as csrf_exempt. Is there any risk with making this view csrf_exempt? If…
shabda
8 votes, 2 answers

Django admin raises CSRF verification failed

I've started a new django project and enabled the admin app. I can log in to the admin site but when I'm trying to add/change a site or user I'm getting CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or…
igoris
7 votes, 3 answers

django csrf_token not printing hidden input field

my views.py : from django.core.context_processors import csrf from django.views.decorators.csrf import csrf_protect from django.http import * from django.template import * from django.shortcuts import * # Create your views here. @csrf_protect def…
prongs
7 votes, 2 answers

How to send CSRF Cookie from React to Django Rest Framework with Axios

I want to make a POST request from a React app using Axios to a Django Rest Framework backend. I have managed to get a CSRF Token from the backend but I can't manage to send it with my request, so I always get a Forbidden (CSRF cookie not set.)…
HuLu ViCa
7 votes, 1 answer

Django CSRF Error: Only on local runserver

The same code from the repo works fine out in the wild. But on my local environment, I'm getting CSRF errors on form submits. Django 1.11.13, Python 2.7. It's very hard to debug, because there's not really any breakpoint. The error occurs way before…
Rob L
7 votes, 2 answers

How to add Django's CSRF token to the header of a jQuery POST request?

I'm trying to make a Django form with dynamically pre-populated fields: that is, when one field (checkin_type) gets selected from a drop-down menu, other fields get automatically pre-populated with corresponding data. To this end, I would like to…
Kurt Peek
7 votes, 1 answer

Django CSRF_COOKIE_DOMAIN - how to change gracefully

I have a public Django site which uses CSRF protection. I have not set the CSRF_COOKIE_DOMAIN. My site uses subdomains. Sometimes, a user ends up having a csrftoken cookie set on .toplevel.com as well as on sub.toplevel.com. This causes problems,…
Krystian Cybulski
7 votes, 4 answers

How to use {% csrf_token %} in javascript

In my users page, I have in-place editing with ajax. And when I click edit, it works fine. But when I submit the form, it doesn't do anything. When I checked, this is the error: CSRF verification failed. Request aborted. So, how do I place {%…
Karl
6 votes, 3 answers

CSRF verification failed, but only with IE9

I have set up CSRF as described in the Django docs (using Django 1.3). It works with FF and Safari, but on IE9 I get

Forbidden (403)

CSRF verification failed. Request aborted.

In the response…
Django Asül