Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The Csrf Middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field to all 'POST' forms, with name 'csrfmiddlewaretoken' and a value which is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set, checks that the 'csrfmiddlewaretoken' is present and correct, and if it isn't, throws a 403 error.

618 questions
6 votes, 3 answers

CSRF with jquery and $.post in django 1.3

In Django 1.3 you now have to use CSRF even with AJAX. I use jQuery and I now want to add the CSRF token to the $.post. How can I do this? I am not very skilled in jQuery so it would be nice with a good description. It is a rating app and the post…
tmpethick
6 votes, 1 answer

Where is the csrftoken stored in Django database?

Where is the csrftoken stored? When I access an API endpoint (logout API, it does not need the params): POST /rest-auth/logout/ HTTP/1.1 Host: 10.10.10.105:8001 Connection: keep-alive Content-Length: 0 Accept: application/json, text/plain, */* Origin:…
user7693832
6 votes, 2 answers

django and python requests - getting a 403 on a post request

I am using requests to log into my Django site for testing (and yes, I know about the Django TestClient, but I need plain http here). I can log in and, as long as I do get requests, everything is OK. When I try to use post instead, I get a 403 from…
JL Peyret
6 votes, 3 answers

Forbidden (CSRF token missing or incorrect) Django error

I am very new to Django. The name of my project is rango and I have created a URL named '/rango/tagger' that is supposed to send an object. In my JavaScript, I have tried to communicate with this route by sending it an AJAX request as…
nerdier.js
6 votes, 1 answer

Why is Selenium causing a CSRF 403?

I'm trying to create a simple login test using Django and Selenium, but getting a 403 due to a CSRF failure. I'm expecting the middleware to add the cookie on the GET request and then parse it back out on the POST. Here's what I've checked so far:…
Brian Dant
6 votes, 1 answer

Django - 403 Forbidden CSRF verification failed

I have a contact form in Django for my website and when I was testing it locally it was working fine but now when I try to submit my contact form "live" it always comes up with 403 Forbidden CSRF verification failed. view: def contact(request): …
Elijah
6 votes, 2 answers

"detail": "CSRF Failed: CSRF token missing or incorrect."

I'm making RESTful API using Tastypie, and when I try to POST/PUT/DELETE a request it says: "detail": "CSRF Failed: CSRF token missing or incorrect.". It works fine with GET. I've read various threads on SO, saying: to delete the cookies or use…
Praful Bagai
6 votes, 1 answer

How Will the Inclusion of Two Forms Affect my CSRF Token Use?

I am attempting to create a page that includes two forms: one that is visible when the page loads (a signin form), and a second that appears in a modal if the user clicks a button (a signup form). I am using Django, and, although I am still figuring…
nmagerko
6 votes, 2 answers

csrf token is showing?

I am new to Django and csrf tokens, so this is a total newb question. I have a simple checkmark box on detail.html:
{% csrf_token %}

user776942
5 votes, 2 answers

csrf token Follow up

Hello and thank you in advance. This is a follow up question from the following thread (not sure if I should have posted there or started a new thread...): CSRF token missing or incorrect even though I have {% csrf_token %} I am not sure what I need…
dpbklyn
5 votes, 1 answer

Ajax call failing in Django

I have the following ajax call to update a particular field of a model $("#updateLink").click(function(){ var dec_text = $('#desc_text').val(); $.ajax({ type: "POST", url:"/users/update_desc/", data: { 'val':…
Sachin
5 votes, 1 answer

Forbidden (CSRF cookie not set.) when sending POST/DELETE request from Vue.js to Django

I have been trying for a while to send a POST or DELETE request from my Vue front-end to my Django backend. I am running Vue.js on my localhost:3000, and Django on localhost:8000. I have set up CORS with django-cors-headers, and I am able to GET…
5 votes, 2 answers

send csrf_token in JSON request (no ajax)

I'm trying to send a JSON request to my Django application with a csrf token, but I can't figure out how. I've gotten the token into a variable that I can reference, but I don't know how to send it through the JSON request with fetch. I've added…
patrick
5 votes, 0 answers

Django Rest Framework - issue with DELETE - CSRF not found

I'm using Django Rest Framework with CSRF. POST and PUT methods work as expected, but DELETE is giving error 403 with the following message: {"detail":"CSRF Failed: CSRF token missing or incorrect."}. It appears that frontend application (Angular) is…
5 votes, 2 answers

Django Admin Login 403 Forbidden (CSRF cookie not set.)

I am trying to log in to the admin panel but I am getting a 403 Forbidden error. Last week, there was no error. I did not change anything. I tried almost all solutions to the same problem on Stack Overflow. Please help me! Thanks for reading. I apologize for my…
Batuhan Gürses