CODEWITHSUNDEEP
ajaxdjangocookiesdjango-formscsrf
Red
Red

Reputation: 65

Django Ajax Request still results to CSRF Token Missing or Incorrect

I tried all the documentation on Django and other answers here in StackOverflow but the result is still (CSRF Token Missing or Incorrect)

So here is my view in views.py:

class MyView(View):
    @method_decorator(ensure_csrf_cookie)
    def post(self, request, *args, **kwargs):
        t = TemplateResponse(request, 'mytemplate.html', data)
        t.render()
        return JsonResponse({'html' : t.content, 'title' : data['title']})

and this is the ajax in my js file which is in a function for a click event:

        $.ajax({
            url: window.location.href,
            type: 'POST',
            data: data,
            beforeSend: 
                function(xhr, settings) {
                    if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
                        var token = $.cookie('csrftoken');
                        console.log(token);
                        xhr.setRequestHeader("X-CSRFToken", token);
                    }
                },
            success:
                function(result) {
                },
        });

The first call is successful but the succeeding call leads to missing token.

For the debugging, I used console.log and it is returning a different token every click.

Upvotes: 1

Views: 842

Answers (1)

anjaneyulubatta505
anjaneyulubatta505

Reputation: 11665

Add the below code in the script. This will send the csrf token in the request in each ajax request

1. This will allow to get csrf token

// using jQuery
function getCookie(name) {
    var cookieValue = null;
    if (document.cookie && document.cookie !== '') {
        var cookies = document.cookie.split(';');
        for (var i = 0; i < cookies.length; i++) {
            var cookie = jQuery.trim(cookies[i]);
            // Does this cookie string begin with the name we want?
            if (cookie.substring(0, name.length + 1) === (name + '=')) {
                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                break;
            }
        }
    }
    return cookieValue;
}
var csrftoken = getCookie('csrftoken');

2. This will send csrf token on every ajax request

function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}

$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader("X-CSRFToken", csrftoken);
        }
    }
});

3.Now send your ajax request

$.ajax({
    url: window.location.href,
    type: 'POST',
    data: data,
    success: function(result) {
      console.log(result);
    },
});

For more information visit django official documentation

Upvotes: 2

Related Questions