Forbidden 403 : CSRF Validation failed error in Firefox, not in chrome

Question

I have a webpage with more than 1 form with POST. I have included {% csrf_token %} in each of the forms.

<form class="form-horizontal clearfix" role="form" id="Form1" method="post"> {% csrf_token %}

In my view I have used bot ensure_csrf_cookie and csrf_protect decorators

@ensure_csrf_cookie
@csrf_protect
@operation('monitor')
def monitor(request, **kwargs):

The first POST request fetches some details from the backend and displays it in the UI. After that, some data is requested from the user and then the second form is submitted.

In firefox: When I first load the page and after the first post the csrftoken is X. For the second post request also, the csrftoken cookie is the same. But once the error is thrown, the csrf cookie changes to a different value. If I refresh the page after that, csrftoken remains the same and if I post the request again it succeeds. I have also verified that the form has the hidden value csrfmiddlewaretoken. This matches the cookie. I don't see any 404 for favicon when the page is loaded. This was there before. But I fixed that and chrome started working.

In chrome: This is working.

Any pointers on how to solve this?

Answer 1

It was the favicon.ico not found error. I added this in my base.html.

<link rel="shortcut icon" type="image/png" href="{% static "tools/ico/favicon.ico" %}"/>

Reference: https://code.djangoproject.com/ticket/28488#comment:22