Home/ Questions/Q 8910147
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T03:36:51+00:00

I’m testing to make a POST ajax request and I got a 403 because

  • 0

I’m testing to make a POST ajax request and I got a 403 because of no csrftoken. I followed the Document, however, it still doesn’t work and I found that the cookie named csrftoken is empty, it means $.cookie("csrftoken") return null.

Can someone tell me the reason and how to set csrftoken into cookie?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think you should provide the code how you get the csrf token in your HTML/JS code and settings for your middlewares.

    First of all you should check that django.middleware.csrf.CsrfViewMiddleware is turned on.

    I had a similar issue, when in python code I used request.META.get('CSRF_COOKIE') to get the token.

    When you use this token in template – {% csrf_token %} Django notes that the token was rendered and sets the Cookie in CsrfViewMiddleware.process_response. If you get the token value in other way Django will miss this flag. So it will generate you a token but will not set the corresponding cookie.

    I have 2 workarounds in code. You should add it to your views that are used to generate templates with JS code.

    1. You can force Django to set the CSRF Cookie:

    # Force updating CSRF cookie
request.META["CSRF_COOKIE_USED"] = True

    2. Django sets the CSRF_COOKIE_USED automatically if you call get_token

    from django.middleware.csrf import get_token
# don't use direct access to request.META.get('CSRF_COOKIE')
# in this case django will NOT send a CSRF cookie. Use get_token function
csrf_token = get_token(request)

    Each one of this solutions should work separately. I advice to use get_token

    • 0