Django CSRF Cookie Not Set

Question

I have some problem for a while now  I m experiencing CSRF Cookie not set  Please look at the codes below Python def deposit request  account num       if request method     POST           account   get object or 404 account info  acct number account num          form    AccountForm request POST or None  instance account          form   BalanceForm request POST          info   str account info objects filter acct number account num           inf   info split                    if form is valid                   cd form cleaned data             now   datetime datetime now               cmodel   form save               cmodel acct number   account num                            RepresentsInt cmodel acct number              cmodel bal change    quot  0 2f quot    float cmodel bal change              cmodel total balance    quot  0 2f quot     float inf 1     float cmodel bal change               account balance    quot  0 2f quot    float cmodel total balance              cmodel total balance    quot  0 2f quot    float cmodel total balance                             cmodel bal change cmodel bal change             cmodel issued   now strftime  quot  m  d  y  I  M  S  p quot               account recent change   cmodel issued             cmodel save               account save                            return HttpResponseRedirect  quot  history  quot    account num    quot   quot                    else              return render to response  history html                                           account form   form                                         context instance RequestContext request     In the HTML here is the code HTML  lt form action  quot  deposit    account num     quot  method  quot post quot  gt       lt table gt           lt tr gt                 account form bal change                 amp nbsp               lt input type  quot submit quot  value  quot Deposit quot   gt           lt  tr gt             csrf token         lt  table gt   lt  form gt   Im stuck  I already cleared the cookie  used other browser but still csrf cookie not set

User · Answer

This problem arose again recently due to a bug in Python itself.

http://bugs.python.org/issue22931

https://code.djangoproject.com/ticket/24280

Among the versions affected were 2.7.8 and 2.7.9. The cookie was not read correctly if one of the values contained a [ character.

Updating Python (2.7.10) fixes the problem.

User · Answer

try to check if your have installed in the settings py   MIDDLEWARE CLASSES      django middleware common CommonMiddleware    django contrib sessions middleware SessionMiddleware    django middleware csrf CsrfViewMiddleware      In the template the data are formatted with the csrf token    lt form gt    csrf token     lt  form gt

User · Answer

If you re using DRF  check if your urlpatterns are correct  maybe you forgot  as view     So that how mine code looked like     urlpatterns    path  resource   ResourceView     And that s how it should like     urlpatterns    path  resource   ResourceView as view

User · Answer

If you re using the HTML5 Fetch API to make POST requests as a logged in user and getting Forbidden  CSRF cookie not set    it could be because by default fetch does not include session cookies  resulting in Django thinking you re a different user than the one who loaded the page   You can include the session token by passing the option credentials   include  to fetch   var csrftoken   getCookie  csrftoken    var headers   new Headers    headers append  X-CSRFToken   csrftoken   fetch   api upload         method   POST       body  payload      headers  headers      credentials   include

User · Answer

Problem seems that you are not handling GET requests appropriately or directly posting the data without first getting the form    When you first access the page  client will send GET request  in that case you should send html with appropriate form   Later  user fills up the form and sends POST request with form data   Your view should be   def deposit request account num      if request method     POST         form  AccountForm request POST or None  instance account        if form is valid                handle form data           return HttpResponseRedirect   history     account num              else            handle when form not valid     else          handle when request is GET  or not POST         form  AccountForm instance account       return render to response  history html                               account form   form                             context instance RequestContext request

User · Answer

In your view are you using the csrf decorator    from django views decorators csrf import csrf protect   csrf protect  def view request  params

User · Answer

This also occurs when you don t set the form action  For me  it was showing this error when the code was     lt form class  navbar-form form-inline my-2 my-lg-0  role  search  method  post  gt    When I corrected my code into this    lt form class  navbar-form form-inline my-2 my-lg-0  action     url  someurl      role  search  method  post  gt    my error disappeared

User · Answer

I came across a similar situation while working with DRF  the solution was appending  as view   method to the View in urls py

User · Answer

I was using Django 1 10 before So I was facing this problem  Now I downgraded it to Django 1 9 and it is working fine

User · Answer

Check that chrome s cookies are set with default option for websites  Allow local data to be set  recommended

User · Answer

Clearing my browser s cache fixed this issue for me  I had been switching between local development environments to do the django-blog-zinnia tutorial after working on another project when it happened  At first  I thought changing the order of INSTALLED APPS to match the tutorial had caused it  but I set these back and was unable to correct it until clearing the cache

User · Answer

from django http import HttpResponse from django views decorators csrf import csrf exempt   csrf exempt  def your view request       if request method     POST             do something     return HttpResponse  Your response

User · Answer

Method 1   from django shortcuts import render to response return render to response       history html       RequestContext request             account form   form           Method 2    from django shortcuts import render return render request   history html          account form   form       Because render to response method may case some problem of response cookies

User · Answer

This can also occur if CSRF COOKIE SECURE   True is set and you are accessing the site non-securely or if CSRF COOKIE HTTPONLY   True is set as stated here and here

User · Answer

Make sure your django session backend is configured properly in settings py  Then try this   class CustomMiddleware object     def process request self request HttpRequest         get token request    Add this middleware in settings py under MIDDLEWARE CLASSES or MIDDLEWARE depending on the django version  get token - Returns the CSRF token required for a POST form  The token is an alphanumeric value  A new token is created if one is not already set

User · Answer

I had the same error  in my case adding method decorator helps   from django views decorators csrf import csrf protect from django utils decorators import method decorator  method decorator csrf protect  def post self  request

User · Answer

I have just met once  the solution is to empty the cookies  And may be changed while debugging SECRET KEY related

User · Answer

From This You can solve it by adding the ensure csrf cookie decorator to your view  from django views decorators csrf import ensure csrf cookie  ensure csrf cookie def yourView request           if this method doesn t work  you will try to comment csrf in middleware  and test again

[python] Django CSRF Cookie Not Set

Examples related to python

Examples related to django