403 Forbidden CSRF cookie not set even when it is in the form

Question

When I attempt to log in to my django website, I always get a 403 Forbidden CSRF cookie not set error. When viewed via developer tools, the CSRF token was in the form response, but there were no cookies. I have django.middleware.csrf.CsrfViewMiddleware in my middleware, and I am using the standard django.contrib.auth.views.LoginView.
Here is my template:

{% extends 'base/formbase.html' %}

{% block title %}Login{% endblock title %}

{% block menuid %}menu-login{% endblock menuid %}

{% block submitname %}Login{% endblock submitname %}
{% block extra %}
<div class="alert alert-danger">
    <a href="{% url 'password_reset' %}"> Forgot Your Password? </a>
</div>
<div class="alert alert-secondary">
    Don't have an account? <a href="{% url 'signup' %}"> Sign Up! </a>
</div>
{% endblock extra %}

base/formbase.html:

{% extends 'base/base.html' %}

{% load crispy_forms_tags %}

{% block body %}
<div class="row justify-content-center">
    <div class="col-6">
        <div class="card">
            <div class="card-body">
                {% block form %}
                <h2>{% block title %}{% endblock title %}</h2>
                <form method="post" novalidate>
                    {% csrf_token %}
                    {{ form|crispy }}
                    <button type="submit" class="btn btn-primary">{% block submitname %}{% endblock submitname %}
                    </button>
                </form>
                {% endblock form %}
            </div>
            {% block extra %}{% endblock extra %}
        </div>
    </div>
</div>
{% endblock body %}

base/base.html:

<!DOCTYPE html>
{% load base_extra %}
<html lang="en">
<head>
    {% settings gamename "GAME_NAME" %}
    <meta charset="UTF-8">
    <title>{{ gamename }} - {% block title %}{% endblock title %}</title>
    {% block head %}{% endblock head %}


    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    {% settings debug "DEBUG" %}

    {% if debug %}
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/latest/css/bootstrap.css">

    <script src="https://code.jquery.com/jquery-latest.js"></script>

    <script src="https://unpkg.com/@popperjs/core/dist/umd/popper.js"></script>

    <script src="https://stackpath.bootstrapcdn.com/bootstrap/latest/js/bootstrap.js"></script>


    {% else %}
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/latest/css/bootstrap.min.css">

    <script src="https://code.jquery.com/jquery-latest.min.js"></script>

    <script src="https://unpkg.com/@popperjs/core/dist/umd/popper.min.js"></script>

    <script src="https://stackpath.bootstrapcdn.com/bootstrap/latest/js/bootstrap.min.js"></script>

    {% endif %}

</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
    <a class="navbar-brand" href="{% url 'index' %}">{{ gamename }}</a>
    <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent"
            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
    </button>

    <div class="collapse navbar-collapse" id="navbarSupportedContent">
        <ul class="navbar-nav mr-auto">
            <li class="nav-item" id="menu-home">
                <a class="nav-link" href="{% url 'index' %}">Home <span class="sr-only">(current)</span></a>
            </li>
            <li class="nav-item" id="menu-gamelist">
                <a class="nav-link" href="{% url 'game:game_list' %}">Game List</a>
            </li>
            <li class="nav-item" id="menu-leaderboard">
                <a class="nav-link" href="{% url 'user_list' %}">Leaderboard</a>
            </li>
            {% if request.user.is_staff %}
            <li class="nav-item" id="menu-admin">
                <a class="nav-link" href="{% url 'admin:index' %}">Admin</a>
            </li>
            {% endif %}
        </ul>
        <!--
      <form class="form-inline my-2 my-lg-0">
        <input class="form-control mr-sm-2" type="search" placeholder="Search" aria-label="Search">
        <button class="btn btn-outline-success my-2 my-sm-0" type="submit">Search</button>
      </form>
    -->
        <ul class="navbar-nav ml-auto">
            {% if request.user.is_authenticated %}
            <li class="nav-item dropdown">
                <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown"
                   aria-haspopup="true" aria-expanded="false">
                    {{ request.user }}
                </a>
                <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdown">
                    <a class="dropdown-item" href="{% url 'user' user.pk %}">Profile</a>
                    <div class="dropdown-divider"></div>
                    <a class="dropdown-item" href="{% url 'logout' %}">Log out</a>
                </div>
            </li>
            <li class="nav-item">
                <div class="nav-link">${{ request.user.gameinfo.money }}</div>
            </li>
            {% else %}
            <li class="nav-item" id="menu-signup">
                <a class="nav-link" href="{% url 'signup' %}">Sign Up</a>
            </li>
            <li class="nav-item" id="menu-login">
                <a class="nav-link" href="{% url 'login' %}">Log In</a>
            </li>
            {% endif %}
        </ul>
    </div>
</nav>
<div class="mx-3 mt-2">
    <script>
try {
  document.getElementById("{% block menuid %} {% endblock menuid %}").classList.add("active");
}
catch {}
    </script>
    {% block body %}
    {% endblock body %}
</div>
</body>
</html>

Adding the @csrf_protect decorator does not solve the problem.

Answer 1

This may occur if you have CSRF_COOKIE_SECURE = True explanation in the docs Or if you have CSRF_COOKIE_HTTPONLY = True explanation or if you wish to just disable the csrf token you can add the @csrf_exempt decorator to the view