Update: This answer is from 2011. CSRF is easy today.
These days you should be using the render
shortcut function return render(request, 'template.html')
which uses RequestContext
automatically so the advice below is outdated by 8 years.
- Use
render
https://docs.djangoproject.com/en/2.2/topics/http/shortcuts/ - Add CSRF middleware https://docs.djangoproject.com/en/2.2/ref/csrf/
- Use the
{% csrf_token %}
template tag - Confirm you see the CSRF token value being generated, AND submitted in your form request
Original Response
My guess is that you have the tag in the template but it’s not rendering anything (or did you mean you confirmed in the actual HTML that a CSRF token is being generated?)
Either use RequestContext
instead of a dictionary
render_to_response("foo.html", RequestContext(request, {}))
Or make sure you have django.core.context_processors.csrf
in your CONTEXT_PROCESSORS
setting.