Questions tagged [django-csrf]

django-csrf is the Cross Site Request Forgery (CSRF) protection middleware for Django.

The CSRF middleware for Django modifies outgoing requests that are associated with a session by adding a hidden form field named 'csrfmiddlewaretoken' to all 'POST' forms; its value is a hash of the session ID plus a secret.

The middleware then processes all incoming POST requests that have the session cookie set and checks that 'csrfmiddlewaretoken' is present and correct. If it isn't, the middleware responds with a 403 error.

618 questions
4 votes, 1 answer

Django CSRF cookie not set in several browsers

I have a very strange problem - the CSRF cookie is not set on some clients' browsers. What could it potentially be? All needed middleware is enabled, and as I said above, the problem appears only on a very small number of machines, although another Django-powered…
Sergey Burma
4 votes, 1 answer

Django can not delete csrftoken after logout

I am using varnish as a front end cache for a Django app. It all works well with regards to the VCL configuration. The issue I have is that after the user logs out the csrftoken cookie is not deleted and from then on the varnish has a MISS response…
Joao Da Silva
4 votes, 2 answers

CSRF Cookie not set or CSRF verification failed for https upload on django website

Like many people, I've had a lot of problems using CSRF and Django. Here is the context: - I've created an https website where users can upload files - I've used Django 1.4.2 to create this website - I've created an app…
user1795007
4 votes, 2 answers

Django + jQuery: Why CSRF verification fails on multiple simultaneous requests

I've encountered the following situation (using Django1.4 and jQuery 1.7.1) which I would like to understand: I submit a form via jQuery 'ajax' function and before this request finishes I click another element which submits the same form but using…
fjern
4 votes, 1 answer

csrf with ajax and django post

Using jquery1.7.1 and django1.3, I was trying to make a post request through ajax, in some tutorial code I found on the web $(document).ready(function(){ $("#create").click(create_note); }); var create_note = function() { var title =…
damon
3 votes, 2 answers

iPhone POSTing to Django and gets CSRF verification failed

I send a POST request from iPhone to Django and get "CSRF verification failed", which I can't perfectly understand. I tried to find a good solution over the internet, but I couldn't. Is there any simple way to POST to Django? This is my code: …
Amit Hagin
3 votes, 1 answer

Django {% csrf_token %} or @csrf_protect

I am curious: I know there are 2 ways of csrf protection in Django: {% csrf_token %} in templates and @csrf_protect in views. So, the question is: are they interchangeable? I mean I can use for example only @csrf_protect in my views without {% csrf_token…
Vitalii Ponomar
3 votes, 0 answers

ensure_csrf_cookie method decorator not setting CSRF token in browser cookies tab

I'm working on a project using Django as API backend (hosted on localhost:8000) and React (hosted on localhost:3000) as frontend. My plan is to host them on different servers in production as well. I'm currently trying to set the CSRF token in the…
3 votes, 0 answers

Django CSRF token issue in incognito mode for all browsers

I have Django version 3.1.5, where I can log in to admin using the browser's incognito mode by entering username and password. But when I upgrade my Django version to 3.2.14 and try to log in to admin using the browser's incognito mode, it shows Forbidden…
Akram
3 votes, 1 answer

CSRF Exempt Django Auth Password Reset View for Cross Domain request

I have a separate front end and backend site and I am trying to enable users on the front end to reset their password. I have created an endpoint for them to do so which works when accessed via the backend site. But when I try to access the…
RobinReborn
3 votes, 1 answer

CSRF Token problem when I add dropzone to an existing form in Django

I'm working with a Django form using dropzone to upload images. But I don't want to add the dropzone to the entire form, just to a div of it. Here is the template: {% extends 'base.html' %} {% load static %} {% load i18n %} {% block content…
3 votes, 4 answers

CSRF token missing or incorrect - Django

I'm trying to build a Django webapp to test the functionalities of a Forex Converter I installed with pip. I created an application with django-startapp Converter and routed the url /convert to the view convert_view(). This is my views.py file: from…
Mario Mateaș
3 votes, 1 answer

Django: 'CSRF verification failed' only happens on one computer!

I have a strange issue here with my Django app. I implemented the user auth/profiles, and I can log in successfully, etc, with various computers and from three different internet locations. It all works, except for this one computer. This one…
apexdodge
3 votes, 1 answer

CSRF cookie not set Django cross-site iframe in chrome

I'm trying to use an iframe of my Django site in a different domain; however, whenever I submit a form, it says the CSRF cookie is not set. This occurs in Chrome and Safari. I am running Django 3.1.0. I've tried adding the following settings in my…
3 votes, 1 answer

CSRF_COOKIE_SAMESITE equivalent for django 1.6.5

I am trying to launch my application which was written using django 1.6.5 version, in a salesforce webtab iframe. I was getting a "CSRF cookie not set" error while trying to login. I understood through the console logs that in the latest version of…