
I'm trying to receive a post request in my view from another site but I'm receiving this error in my view:

Forbidden (403)
CSRF verification failed. Request aborted.

    Reason given for failure:
    CSRF cookie not set.

This is my view:

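    import xml.etree.ElementTree as ET

    import requests
    from django.shortcuts import render
    from django.views.decorators.csrf import csrf_exempt, requires_csrf_token

    # `teste` is the asker's model; its import is not shown in the question.

    @csrf_exempt
    @requires_csrf_token
    def notificacao(request):
        if request.method == 'POST':
            # .get() returns None instead of raising when the field is missing
            notification_code = request.POST.get('notificationCode')
            if notification_code:
                url = 'https://ws.pagseguro.uol.com.br/v2/transactions/notifications/' + notification_code + '?email=filipe.ferminiano@gmail.com' + '&token=token'
                r = requests.get(url)
                # A Response object is not subscriptable; read the status from
                # the body (assumes an XML body with a <status> element).
                status = ET.fromstring(r.content).findtext('status')
                print(status)
                if status:
                    b = teste(name=status)
                else:
                    b = teste(name='teste errado')
                b.save()
                # r.text is the body as a string; 'r ' + r would raise TypeError
                print('r ' + r.text)
                return render(request, 'obrigado.html', {'code': notification_code})

            else:
                print('notification code is null')
                b = teste(name='sem notification code')
                b.save()
                return render(request, 'obrigado.html')
        else:
            b = teste(name='sem metodo post')
            b.save()
            return render(request, 'obrigado.html')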

I already checked the documentation and added csrf_exempt and requires_csrf_token

user3511563
  • That's strange... not sure what would be happening. Note that adding `@requires_csrf_token` shouldn't help -- that's intended for pages sending CSRF-token-validated requests, not pages receiving non-CSRF-validated requests (though there shouldn't be any consequences from including it). – Jeremy Jun 08 '14 at 22:27
  • [This answer to a similar question](http://stackoverflow.com/a/17424074/1114) suggests that this issue could be caused by using the Django REST Framework, with its `SessionBackend` enforcing CSRF tokens even if your views say they're not required. Are you also using Django REST Framework? – Jeremy Jun 08 '14 at 22:29
  • @JeremyBanks I'm not using the REST Framework – user3511563 Jun 08 '14 at 22:36
  • Did you add `{% csrf_token %}` into the form in the template? `{% csrf_token %}` like they say in [Django Cross Site Request](https://docs.djangoproject.com/en/dev/ref/contrib/csrf/) in point `2.` – AlvaroAV Jun 09 '14 at 07:05
  • @Liarez I'm not using any form in my template. I just receive data from another side as a POST request. – user3511563 Jun 09 '14 at 07:46
  • Where is the other side? Is it on the same host? Could you edit the POST you're receiving? Could you generate a csrf token in the place that sends you the POST? – AlvaroAV Jun 09 '14 at 08:06
  • The other side is controlled by a payment service. It's working now. I just added an empty form with csrf_token tag. – user3511563 Jun 09 '14 at 09:11
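
A `@csrf_exempt` view accepts POSTs from any sender, so the notification code in the question's view is untrusted input, and the server-side lookup is what actually confirms the payment. The following is an added example in Python 3, not the asker's code or the payment service's: it validates the code before building the lookup URL and only then calls out. The names `lookup_url`, `handle_notification` and `fetch`, the allowed character set for codes, and the XML `<status>` element are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlencode

# Base URL copied from the question's view.
API = 'https://ws.pagseguro.uol.com.br/v2/transactions/notifications/'
# Assumption: codes contain only letters, digits and hyphens.
CODE_RE = re.compile(r'[A-Za-z0-9-]{1,64}')


def lookup_url(code, email, token):
    """Build the confirmation URL, or return None for a malformed code."""
    if not isinstance(code, str) or not CODE_RE.fullmatch(code):
        return None
    # quote() and urlencode() keep the code and the credentials from being
    # read as extra path segments or query parameters.
    return API + quote(code, safe='') + '?' + urlencode(
        {'email': email, 'token': token})


def handle_notification(post, email, token, fetch):
    """Return (http_status, transaction_status) for a webhook POST.

    `post` is the form data as a dict; `fetch(url)` returns the response
    body as text, e.g. lambda u: requests.get(u, timeout=10).text.
    """
    url = lookup_url(post.get('notificationCode'), email, token)
    if url is None:
        return 400, None            # reject before any outbound request
    try:
        # Assumption: the body is XML with a <status> child element.
        status = ET.fromstring(fetch(url)).findtext('status')
    except ET.ParseError:
        return 502, None            # provider reply was not usable
    return (200, status) if status else (502, None)
```

In a Django view, `post` would be `request.POST` and the returned HTTP status would be passed to the response, so a malformed notification never triggers a request that carries the merchant token.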

0 Answers