Forbidden (CSRF token missing or incorrect): /tz_detect/set


When running this on a pretty clean Django install I cannot get the POST to work.

I have it set up as below:

djsite/djsite/Settings.py

INSTALLED_APPS = [
    'cals.apps.CalsConfig',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'tz_detect',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'tz_detect.middleware.TimezoneMiddleware',
]

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

djsite/djsite/urls.py

from django.conf.urls import include, url
from django.contrib import admin

urlpatterns = [
    url(r'^cals/', include('cals.urls')),
    url(r'^admin/', admin.site.urls),
    url(r'^tz_detect/', include('tz_detect.urls')),
]

djsite/cals/views.py

import datetime

from django.http import HttpResponse
from django.template import RequestContext, loader

def index(request):
    now = datetime.datetime.now()
    context = RequestContext(request, {})
    context["now"] = now
    template = loader.get_template('cals/cals_small.html')
    return HttpResponse(template.render(context))

djsite/cals/templates/cals/cals_small.html

<html>
    <head></head>
    {% load tz_detect %}
    <body>
        It is {% now "jS F Y H:i" %}
        {% tz_detect %}
    </body>
</html>

I get the below output from runserver

"GET /cals/ HTTP/1.1" 200 510
"GET /static/tz_detect/js/tzdetect.js HTTP/1.1" 200 2643
Forbidden (CSRF token missing or incorrect.): /tz_detect/set/
"POST /tz_detect/set/ HTTP/1.1" 403 2502

It’s been a long day so I am likely doing something wrong but would appreciate it if you could take a look.

Python 3.6.0, Django version 1.10.5

Issue Analytics

  • State: closed
  • Created 7 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
blag commented, Apr 24, 2017

In my case the issue was caused by using render_to_response without passing a RequestContext. Since render_to_response is pretty much deprecated I switched to using render (properly) and it works just fine now. 👍

Thanks!

1 reaction
adamcharnock commented, Feb 21, 2017

Hi @c4n1,

Thank you for reporting this. I’m not sure I’m going to be able to look at this just yet (perhaps @bashu knows more?). I suspect this is because things need updating for newer Django versions. However, you should be able to get around this by updating your urls.py as follows:

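from django.views.decorators.csrf import csrf_exempt
from tz_detect.views import SetOffsetView  # assumed location of the view

urlpatterns = [
    url(r'^cals/', include('cals.urls')),
    url(r'^admin/', admin.site.urls),
    url(r'^set/$', csrf_exempt(SetOffsetView.as_view()), name="tz_detect__set"),
]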