Home/ Questions/Q 8364647
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T12:28:28+00:00

I am just building a simple HTML form with POST method and unfortunately I

  • 0

I am just building a simple HTML form with POST method and unfortunately I am finding CSRF verification error.

This is just a simple html form using POST method on localhost. There are no cross sites involved. I could definitely fix it by using csrf_token but I still don’t understand why django is asking me for that..

There are no re-directions/ iframes involved here…

So, why this is happening?? is this normal to all ??

# Also tried using RequestContext(request) but there isn't any change in the error

#settings.py 
'django.middleware.csrf.CsrfViewMiddleware' in MIDDLEWARE_CLASSES

#views.py 

# url for home page is "" i.e, http://127.0.0.1:8000/
def HomePage (request):
    if request.method == "POST":
        form = myForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            context = { "myForm" : myForm(choices),
                        "values" : data,
                       }
            return render_to_response("home.html", context)
    else:
        form = myForm(choices)
    context = {"myForm" : form}
    return render_to_response("home.html", context)   


# home.html 

<div id="pingmeeForm">
            <form action="" method="post">
                <table>
                    {{myForm.as_table}}
                </table>
                <input name="enter" type="submit" value="enter"/>
            </form>
            {{values}}
</div>

# forms.py

class myForm (forms.Form):

    def __init__(self, my_choices,*args, **kwargs):
        super(myForm, self).__init__(*args, **kwargs)
        self.fields['Friends'] = forms.ChoiceField(choices=my_choices)

    message = forms.CharField()
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you do a post request, you typically change the state of the server. If you change the state of the server, you don’t want to allow other sites to do so. To protect against other sites issueing post-requests on your server, you add csrf protection. Therefore the solution should (imho) never be to remove the Csrf protection. Depending on the situation, either of the following two is the case:

    1. Your post request does not change the state. In that case, make it a get request.
    2. Your post request changes the state. You need CSRF.
    • 0