Forbidden (CSRF token missing or incorrect.):


This error is caused by processData and contentType options in your ajax function. Removing these two options will fix the issue.

Explanation: The arguments must be sent to Django urlencoded, with Content-Type application/x-www-form-urlencoded. If you set processData: false, it won't encode the POST parameters, and contentType: false will send the ajax POST request as text/plain.

Author: ankit


Updated on July 26, 2022
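
The encoding mismatch described in the answer above, as an added example that is not part of the original answer or of jQuery's or Django's source: a simplified Node.js model of the body `$.ajax` sends under each option set and of where Django's CSRF check looks for the token. It also covers the `X-CSRFToken` header and JSON cases raised in the comments; the token, field values and function names are constructed for illustration.

```javascript
// Simplified model (assumption): not jQuery's or Django's actual source.
const TOKEN = 'constructed-token-value';                            // constructed sample
const data = { user: 7, bookId: 42, csrfmiddlewaretoken: TOKEN };   // constructed sample

// Client: the body and Content-Type that $.ajax puts on the wire.
function buildRequest(payload, { processData = true, contentType, headers = {} } = {}) {
  // processData true: object is urlencoded; false: object is stringified as-is
  const body = typeof payload === 'string' ? payload
    : processData ? new URLSearchParams(payload).toString() : String(payload);
  // contentType false: jQuery sets no header, the browser labels a string body text/plain
  const type = contentType === false ? 'text/plain;charset=UTF-8'
    : contentType || 'application/x-www-form-urlencoded; charset=UTF-8';
  return { body, headers: { 'Content-Type': type, ...headers } };
}

// Server: request.POST is only filled for form-encoded bodies (multipart omitted
// here); if the field is absent, the X-CSRFToken header is the fallback.
function tokenSeenByServer(req) {
  const type = req.headers['Content-Type'].split(';')[0].trim();
  const post = type === 'application/x-www-form-urlencoded'
    ? new URLSearchParams(req.body) : new URLSearchParams();
  return post.get('csrfmiddlewaretoken') || req.headers['X-CSRFToken'] || null;
}

// Real Django compares masked tokens; plain equality stands in for that here.
function csrfStatus(req, expected) {
  return tokenSeenByServer(req) === expected ? 200 : 403;
}

function runCases() {
  const broken = { processData: false, contentType: false };
  return {
    defaults: csrfStatus(buildRequest(data), TOKEN),
    asInQuestion: csrfStatus(buildRequest(data, broken), TOKEN),
    jsonBody: csrfStatus(buildRequest(JSON.stringify(data),
      { contentType: 'application/json;charset=UTF-8' }), TOKEN),
    headerToken: csrfStatus(buildRequest(data,
      { ...broken, headers: { 'X-CSRFToken': TOKEN } }), TOKEN),
  };
}

console.log(runCases());
```
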

Comments

  • ankit 5 months

    I am making ajax call like below:

    var data_dict = {'user':{{ user.id }}, 'bookId':that.id, 'csrfmiddlewaretoken': '{{ csrf_token }}'};
        $.ajax({
            type: 'POST',
            url:"/issuebook",
            data:data_dict,
            processData: false,
            contentType: false,
            success:function(response)
            {
            }
        });
    

    urls.py is:

    urlpatterns = [
        url(r'^$', views.checkLogin, name='checklogin'),
        url(r'^mylibrary/(?P<pk>\d+)/(?P<user_name>[\w\-]+)$', login_required(views.MyLibrary.as_view()), name='mylibrary'),
        url(r'^centrallibrary/(?P<pk>\d+)/(?P<user_name>[\w\-]+)$', login_required(views.CentralLibrary.as_view()), name='centrallibrary'),
        url(r'^issuebook$', login_required(views.IssueBookView.as_view()), name='issuebook'),
    ]

    I am getting "Forbidden (CSRF token missing or incorrect.): /issuebook" error on ajax call.

    The csrf token in ajax call is getting rendered as:

    var data_dict = {'user':{{ user.id }}, 'bookId':that.id, 'csrfmiddlewaretoken':'fSSdu8dJ4FO6FvDz8eU5ISzOewRYyGbC'};
                        $.ajax({
                            type: 'POST',
                            url:"/issuebook",
                            data:data_dict,
                            contentType: false,
                            success:function(response)
                            {
                            }
                        });
    
    • Mazdak over 6 years
      You just passed the string '{{ csrf_token }}' as csrfmiddlewaretoken, and your ajax call can't match it with the relative one. Instead you can get the hash value of csrf token manually from your html in your call function.
    • v1k45 over 6 years
      Add the rendered HTML template in the question too.
    • ankit over 6 years
      @v1k45 I have added the rendered {{ csrf_token }} in the edited question. Apart from this I am just rendering a few string values in the template, which is working fine.
    • ankit over 6 years
      @v1k45 also I am not using any forms in the template. This ajax call is done on button click event
    • Rohit Jain over 6 years
      Try setting the X-CSRFToken request header to csrftoken, in ajax request.
  • Axwack over 4 years
    What if it's set to this? Content-Type: application/json;charset=UTF-8. Will that work? I get the same error as above.
  • xyres over 4 years
    @Axwack No, it won't work. Django doesn't understand application/json POST request. Try sending the data as Content-Type: application/x-www-form-urlencoded. If you can't control the request, there's another way to accept json request. If you'd like to know, I'll post another comment.