How to pass value to the url in Django while event occurs?

Question

I'm trying to send a value to the URL, whenever event occurs it shows:

error that the Forbidden (CSRF token missing or incorrect.): /mapreq [03/Nov/2017 11:08:27] "POST /mapreq HTTP/1.1" 403 2502

This is the script:

<script>
        $(document).ready(function () {
            $('path').mouseup(function () {
                document.getElementById('state').innerHTML = $(this).attr('aria-label');
                var state_lbl = document.getElementById('state').innerHTML = $(this).attr('aria-label');
                loadstate(state_lbl);

            })
        });

        function loadstate(state_lal) {
            $.ajax({
                type: "POST",
                url: "mapreq",
                data: {'state': state_lal}
            });
        }
    </script>

Answer 1

In your settings.py file comment or remove the 'django.middleware.csrf.CsrfViewMiddleware' line from middelware classes.

`MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.common.CommonMiddleware',
#     'django.middleware.csrf.CsrfViewMiddleware',
)`

Then you will not get the error message related to CSRF token.

Otherwise Add CSRF key in parameter list like:

'data: { CSRF: getCSRFTokenValue()}'

Answer 2

You need to pass the csrf token. It is important to protect your users data.

With a JavaScriptCookie you can get it like that:

var csrftoken = Cookies.get('csrftoken');
var data = new FormData();

data.append('state',state_lal);
data.append('csrftoken', csrftoken);


 function loadstate(state_lal) {
        $.ajax({
            type: "POST",
            url: "mapreq",
            data: data,
        });

If you do not want to use a third-party just have a look at this documentation. Here is also the third-party mentioned but also the way without it.