“CSRF token missing or incorrect” while post parameter via AJAX in Django

by

You can make AJAX post request in two different ways:

  1. To tell your view not to check the csrf token. This can be done by using decorator @csrf_exempt, like this:

    from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def your_view_name(request):
    ...

  2. To embed a csrf token in each AJAX request, for jQuery it may be:

    $(function () {
    $.ajaxSetup({
        headers: { "X-CSRFToken": getCookie("csrftoken") }
    });
});

    Where the getCookie function retrieves csrf token from cookies. I use the following implementation:

    function getCookie(c_name)
{
    if (document.cookie.length > 0)
    {
        c_start = document.cookie.indexOf(c_name + "=");
        if (c_start != -1)
        {
            c_start = c_start + c_name.length + 1;
            c_end = document.cookie.indexOf(";", c_start);
            if (c_end == -1) c_end = document.cookie.length;
            return unescape(document.cookie.substring(c_start,c_end));
        }
    }
    return "";
 }

    Also, jQuery has a plugin for accessing cookies, something like that:

    // set cookie
$.cookie('cookiename', 'cookievalue');
// read cookie
var myCookie = $.cookie('cookiename');
// delete cookie
$.cookie('cookiename', null);

More Related Contents:

  1. Django Rest Framework remove csrf
  2. Django/jQuery Cascading Select Boxes?
  3. What is the right way to use angular2 http requests with Django CSRF protection?
  4. CSRF with Django, React+Redux using Axios
  5. Extending the User model with custom fields in Django
  6. log all sql queries
  7. How do I use pagination with Django class based generic ListViews?
  8. Django File upload size limit
  9. Variable subtraction in django templates
  10. How to set a value of a variable inside a template code?
  11. Django ModelForm: What is save(commit=False) used for?
  12. Navigation in django
  13. Inline Form Validation in Django
  14. How to deploy an HTTPS-only site, with Django/nginx?
  15. Django custom managers – how do I return only objects created by the logged-in user?
  16. Make sure only one worker launches the apscheduler event in a pyramid web app running multiple workers
  17. Django: Validate file type of uploaded file
  18. Django data migration when changing a field to ManyToMany
  19. CSRF Failed: CSRF token missing or incorrect
  20. Django, SESSION_COOKIE_DOMAIN with multiple domains
  21. Organizing Django unit tests
  22. Django templates: value of dictionary key with a space in it
  23. How can I list urlpatterns (endpoints) on Django?
  24. how to show datepicker calendar on datefield
  25. Order by count of a ForeignKey field?
  26. Django removing object from ManyToMany relationship
  27. Byte Ranges in Django [closed]
  28. Django ORM: Group by and Max
  29. Nginx connection reset, response from uWsgi lost
  30. Log in / Sign up directly on home page

Leave a Comment