Hello,

I am accessing my view from a Drupal application that sends in data via
POST. I'm not using any REST API such as piston or django-tastypie.

A few days ago, I was smiling and happy that it all worked. Today, it's a
different story. I'm currently getting:

Forbidden (403)

CSRF verification failed. Request aborted.
Help

Reason given for failure:

 No CSRF or session cookie.

In general, this can occur when there is a genuine Cross Site Request
Forgery, or when Django's CSRF mechanism has not been used correctly.
For POST forms, you need to ensure:

    The view function uses RequestContext for the template, instead of
    Context.
    In the template, there is a {% csrf_token %} template tag inside each
    POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect
    on any views that use the csrf_token template tag, as well as those
    that accept the POST data.

You're seeing the help section of this page because you have DEBUG = True in
your Django settings file. Change that to False, and only the initial error
message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

To mention, I'm sending the data using Accept: application/json header and
not the regular 'Accept: application/x-www-form-urlencoded'

I have done everything humanly possible:
- Added the required middlewares including the deprecated
'django.middleware.csrf.CsrfResponseMiddleware'
- added csrf_token
- added @decorator
- seen all blogs that talked about this as well as the official Django doc.

What else?

Please help.

-- 
Odeyemi 'Kayode O.
http://www.sinati.com. t: @charyorde
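
Added example (not part of the original post and not Django's source): a simplified standard-library model of the double-submit cookie check that the error page above describes, showing why a POST from a server-side client that sends no cookies is rejected with "No CSRF or session cookie." The names `check_csrf` and `demo` and the sample requests are constructed for illustration; the model assumes the default cookie name `csrftoken`, the `csrfmiddlewaretoken` form field, and a Django version that accepts the `X-CSRFToken` header.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

COOKIE_NAME = "csrftoken"            # Django's default CSRF cookie name
FORM_FIELD = "csrfmiddlewaretoken"   # hidden field emitted by {% csrf_token %}
HEADER_NAME = "X-CSRFToken"          # assumption: version that accepts this header
NO_COOKIE = "No CSRF or session cookie."       # reason quoted in the post
BAD_TOKEN = "CSRF token missing or incorrect."


def check_csrf(headers, body):
    """Hypothetical model: return (allowed, reason) for one POST request."""
    cookies = SimpleCookie(headers.get("Cookie", ""))
    if COOKIE_NAME not in cookies:
        return False, NO_COOKIE          # rejected before any token is compared
    cookie_token = cookies[COOKIE_NAME].value
    submitted = headers.get(HEADER_NAME, "")
    ctype = headers.get("Content-Type", "")
    if not submitted and ctype.startswith("application/x-www-form-urlencoded"):
        # Only a form-encoded body carries the hidden field; a JSON body does not.
        submitted = parse_qs(body).get(FORM_FIELD, [""])[0]
    if not submitted or not hmac.compare_digest(submitted, cookie_token):
        return False, BAD_TOKEN
    return True, ""


TOKEN = "constructed-sample-token-0123456789"   # constructed value
JSON = {"Content-Type": "application/json"}
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
SAMPLES = {  # constructed requests: name -> (headers, body)
    "server_to_server_json": (dict(JSON), '{"title": "x"}'),
    "json_cookie_only": (dict(JSON, Cookie="csrftoken=" + TOKEN), '{"title": "x"}'),
    "json_cookie_and_header": (
        dict(JSON, Cookie="csrftoken=" + TOKEN, **{HEADER_NAME: TOKEN}),
        '{"title": "x"}'),
    "browser_form": (dict(FORM, Cookie="csrftoken=" + TOKEN),
                     FORM_FIELD + "=" + TOKEN + "&title=x"),
}


def demo():
    """Run every constructed request through the model."""
    return {name: check_csrf(h, b) for name, (h, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```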
