Reputation: 153
Django --CSRF token missing or incorrect
So I am getting Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect.
I have the 'django.middleware.csrf.CsrfViewMiddleware', in my middleware_classes.
Here is my template
<form name="input" action="/login/" method="Post"> {% csrf_token %}
<input type="submit" value="Submit"></form>
Here is my view
from django.shortcuts import render_to_response
from django.core.context_processors import csrf
from django.template import RequestContext
def login(request):
csrfContext = RequestContext(request)
return render_to_response('foo.html', csrfContext)
Well I am new to Django and most web development, but I cannot seem to find the problem here. Any help would be much appreciated!
Also i have tried the method in the django documentation
c = {}
c.update(csrf(request))
# ... view code here
return render_to_response("a_template.html", c)
Upvotes: 15
Views: 77817
Answers (7)
Reputation: 150
Just add this line .
$.ajaxSetup({
data: {csrfmiddlewaretoken: '{{ csrf_token }}' },
});
Upvotes: 3
Reputation: 1
While disabling the CSRF tokens and manually getting the CSRF token value would still have worked. But, in my case the syntax was not properly structured as in html we don't worry about our script design but I think when using jinja i.e. Our templating language it matter's and yes that's how I solved my problem.
Upvotes: 0
Reputation: 11
go urls and add the .as_view() next to the view metho/class ex.
ObtainAuthTokenView.as_view()
Upvotes: 0
Reputation: 5684
I had the same problem with you and i found this code that solve my problem.
from django.views.decorators.csrf import csrf_exempt
from django.shortcuts import render
from django.contrib import auth
#in accounts.forms i've placed my login form with two fields, username and password
from accounts.forms import LoginForm
@csrf_exempt
def login(request):
if request.method == "POST":
form = LoginForm(request.POST)
if form.is_valid():
user = auth.authenticate(
username=form.cleaned_data["username"],
password=form.cleaned_data["password"])
auth.login(request, user)
return HttpResponseRedirect("/")
else:
form = LoginForm()
return render(request, 'accounts/login.html', {'form':form})
Upvotes: 17
Reputation: 17659
Try adding the @csrf_protect decorator just before your login function.
from django.views.decorators.csrf import csrf_protect
@csrf_protect
def login(request):
csrfContext = RequestContext(request)
return render_to_response('foo.html', csrfContext)
If the form is not in foo.html then you need to add the @csrf_protect method to the view function that is generating it.
Upvotes: 10
Reputation: 27861
You should do the following:
def login(request):
context = {}
request_context = RequestContext(request)
return render_to_response('foo.html', context,
request_context=request_context)
Here are official docs for render_to_response.
Upvotes: 0
Related Questions
- CSRF token missing or incorrect - Django
- Django. CSRF token missing or incorrect
- Django: CSRF token missing or incorrect. / avoid {% csrf_token %}
- Django: CSRF token missing or incorrect
- django csrf token : CSRF token missing or incorrect
- CSRF token missing or incorrect in django
- CSRF token missing or invalid
- Getting error 403 (CSRF token missing or incorrect)
- Vexed by csrf_token -- though it's there
- Django - 403 Forbidden - CSRF token missing or incorrect