Forbidden (CSFR token missions or incorrect): /tz_detect/set
See original GitHub issueWhen running this on a pretty clean django install I cannot get the POST to work.
I have it setup as below:-
djsite/djsite/Settings.py
INSTALLED_APPS = [
'cals.apps.CalsConfig',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'tz_detect',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'tz_detect.middleware.TimezoneMiddleware',
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
]
djsite/djsite/urls.py
urlpatterns = [
url(r'^cals/', include('cals.urls')),
url(r'^admin/', admin.site.urls),
url(r'^tz_detect/', include('tz_detect.urls')),
]
djsite/cals/views.py
def index(request):
now = datetime.datetime.now()
context = RequestContext(request, {})
context["now"] = now
template = loader.get_template('cals/cals_small.html')
return HttpResponse(template.render(context))
djsite/cals/templates/cals/cals_small.html
<html>
<head></head>
{% load tz_detect %}
<body>
It is {% now "jS F Y H:i" %}
{% tz_detect %}
</body>
</html>
I get the below output from runserver
"GET /cals/ HTTP/1.1" 200 510
"GET /static/tz_detect/js/tzdetect.js HTTP/1.1" 200 2643
Forbidden (CSRF token missing or incorrect.): /tz_detect/set/
"POST /tz_detect/set/ HTTP/1.1" 403 2502
It’s been a long day so I am likely doing something wrong but would appreciate it if you could take a look.
Python 3.6.0 Django version 1.10.5
Issue Analytics
- State:
- Created 7 years ago
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Django - CSRF token missing or incorrect - Stack Overflow
I just updated my django to 1.4. But I am getting the following error when I try to submit my login form: Forbidden...
Read more >Forbidden (CSRF token missing or incorrect.) - Django Forum
Getting error: Forbidden (CSRF token missing or incorrect.) You need to make sure that the csrf token is included in your AJAX POST....
Read more >Forbidden (CSRF token missing or incorrect.) - Google Groups
Reason given for failure: CSRF token missing or incorrect. In general, this can occur when there is a genuine Cross Site Request Forgery,...
Read more >Django : Forbidden (CSRF token missing or incorrect.)
Django : Forbidden ( CSRF token missing or incorrect.): [ Beautify Your Computer : https://www.hows.tech/p/recommended.html ] Django ...
Read more >How to resolve CSRF token missing or incorrect in ... - YouTube
How to resolve CSRF token missing or incorrect in Django form submission. 32K views 4 years ago. HowTo. HowTo. 70K subscribers. Subscribe.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
In my case the issue was caused by using
render_to_response
without passing aRequestContext
. Sincerender_to_response
is pretty much deprecated I switched to usingrender
(properly) and it works just fine now. 👍Thanks!
Hi @c4n1,
Thank you for reporting this. I’m not sure I’m going to be able to look at this just yet (perhaps @bashu knows more?). I suspect this is because things need updating for newer Django versions. However, you should be able to get around this my updating your urls.py as follows: