Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The CSRF middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field to all 'POST' forms, with the name 'csrfmiddlewaretoken' and a value which is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set, checks that the 'csrfmiddlewaretoken' is present and correct, and if it isn't, throws a 403 error.

618 questions
0 votes, 2 answers

django csrf failed when posting from non-secure to secure page

I am having login forms in all static pages. I have enabled csrf middleware in my project. Now when the user submits the form from http static page I get the error, csrf verification failed. Is there a way to ensure cross site validation, even when…
Vivek S
0 votes, 2 answers

Django Book OUTDATE CSRF protection

Hello, I'm a newbie trying to use django to register some users. I have been reading the Django Book and am on a chapter about registration, http://www.djangobook.com/en/2.0/chapter14/ when I do the instructions I get this Forbidden (403) CSRF…
Klanestro
0 votes, 1 answer

Django: relative url not working with post calls in ajax

I am trying to use relative url with a post ajax call as follows: Current url path: http://localhost:8000/customer/0/location/0/user/0/ I need to change to different directory. var absolute =…
akotian
0 votes, 1 answer

Nginx Django csrf_token get 502 error invalid header

I have a Django site developed using Pinax. When I deploy it in apache+mod_wsgi, it works fine. But when I deploy it in nginx+uwsgi, it nearly works fine, but the page includes a {% csrf_token %} tag. The crashed page does not display a Django error…
Yang
0 votes, 1 answer

Django troubles with forms and csrf tokens

I'm trying to get a pretty simple email form working. The form is only one field (email). forms.py from django import forms class EmailForm(forms.Form): email = forms.EmailField() views.py from django.shortcuts import render_to_response from…
user623990
-1 votes, 1 answer

Forbidden (CSRF token missing or incorrect.): /api/token/refresh/

When using the @csrf_protect decorator in the view, I encountered the error "Forbidden (CSRF token missing or incorrect): /api/token/refresh/" views.py @api_view(['POST']) @renderer_classes([CustomizeJSONRenderer]) @csrf_protect def…
Vahid
-1 votes, 2 answers

Django | CSRF Verification Failed

I'm building a Django powered blog-like app for practice and learning. I'm working on setting up a form for users to leave comments on posts. I have a Post model that takes in a User foreign key, and a Comment model that takes in a User foreign…
YangTegap
-1 votes, 1 answer

Django causing 403 forbidden error when i add csrf middleware

When I add CSRF middleware django.middleware.csrf.CsrfViewMiddleware to prevent xss csrf attack I am getting error response 403 csrf error. I referred to the official doc and old Stack Overflow answers but still I didn't get any idea why it…
skysoft999
-1 votes, 1 answer

Django CSRF Token Missing For iOS Post Request

Currently, I'm making an application that uses Django Rest Framework as my API and iOS (Swift) as my frontend using Alamofire for API calls. However, I've run into an issue with user authentication - whenever I try to make a POST request to login a…
jblb2424
-1 votes, 1 answer

Inserting data in postgreSQL database by Django model

I found an error when I insert data to postgres database by django model. When I put csrf package in comment then my page was found successfully, else it shows a forbidden error. My code and screenshot are below. Here is the html file: {% extends…
Sidy Funda
-1 votes, 1 answer

Sending csrf_token in JQuery .post method

How do I alter my existing jQuery to pass a csrf_token to my Django view: $.post('/historicaldata/input_parameters/', { selected_table: selected_table, selected_column: selected_column, selected_SDT: selected_SDT, selected_EDT:…
Mark Corrigan
-1 votes, 2 answers

Suspected csrf error in Django view using google protocol buffers

Here is a link to the proto file. Spent a long time trying to figure out the finer points of how the information was being encoded only to realise that if I commented out the HttpResponse line I still received the same internal server error message …
derrend
-1 votes, 1 answer

django. to use csrf, render_to_response must be called; incompatible with ajax as page reloads

I have come to the frightening conclusion that it might not be possible to use ajax and django as far as the csrf protection is concerned: def my_view(request): c = {} c.update(csrf(request)) return render_to_response("a_template.html",…
Jenia Ivanov
-1 votes, 1 answer

Csrf token not working on post data in button click but button submit(form submit) it is fine

How cross site recovery working on button click? Please help me. function DisplaySeatLayout(ticketClassId, theatreId) { $(".tblDetails").show(); var showId = 7; var filmId = 75; var theatreId = theatreId; …
-1 votes, 2 answers

How does Django 1.4 CSRF work?

I have that urls.py: from django.conf.urls import patterns, url urlpatterns = patterns('', url( r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'loyalty/login.html'}, name='login' ), …
lmasikl