Django requires it so ajax posts to the server require CSRF protection. But CSRF

Question

0

Asked: June 11, 20262026-06-11T08:58:19+00:00 2026-06-11T08:58:19+00:00

Django requires it so ajax posts to the server require CSRF protection. But CSRF

0

Django requires it so ajax posts to the server require CSRF protection. But CSRF requires cookies to be enabled or django will 404 the request. Assuming that nobody has cookies enabled, how should I handle my ajax posts? I don’t want to use the @exempt_csrf decorator for security issues.

(Not sure if csrf protection is even needed for what i’m doing, the ajax requests are just for upvoting and downvoting posts like on this website)

Thank you guys!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-11T08:58:20+00:00

Editorial Team

2026-06-11T08:58:20+00:00Added an answer on June 11, 2026 at 8:58 am

Django’s in-built CSRF protection will not work without cookies.
https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-it-works

You need to roll your own CSRF protection for these views, if you decide it is required. Or use something like https://github.com/mozilla/django-session-csrf (per Abid A’s answer, the session framework require cookies so this won’t help in your case.)

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Django requires it so ajax posts to the server require CSRF protection. But CSRF

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply