Hello, I am accessing my view from a Drupal application that sends in data via POST. I'm not using any REST API such as piston, django-tastypie.
A few days ago, I'm smiling and happy that it all worked. Today, it's a different story. I'm currently getting: Forbidden (403) CSRF verification failed. Request aborted. Help Reason given for failure: No CSRF or session cookie. In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure: The view function uses RequestContext for the template, instead of Context. In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL. If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data. You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed. You can customize this page using the CSRF_FAILURE_VIEW setting. To mention, I'm sending the data using Accept: application/json header and not the regular 'Accept: application/x-www-form-urlencoded' I have done everything humanly possible: - Added the required middlewares including the deprecated 'django.middleware.csrf.CsrfResponseMiddleware' - added csrf_token - added @decorator - seen all blogs that talked about this as well as the official Django doc. What else? Please help. -- Odeyemi 'Kayode O. http://www.sinati.com. t: @charyorde -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.