"How to fix the 'csrf' error in 'Django'?"

Question

I'm using Django with Atom engine and when I log in to the link http://127.0.0.1:8000 it gets me a csrf error. what should I do?

in the .html file if you have some form tag like

you must input {%csrf_token%} for the cross atack its like defence :) Welcome to our community by the way :) — İsa GİRİŞKEN, May 21 '19 at 07:03
please read this https://docs.djangoproject.com/en/2.2/ref/csrf/ — rahul.m, May 21 '19 at 07:03
does this help: https://stackoverflow.com/questions/3197321/csrf-error-in-django Also paste your html — Vijay Agrawal, May 21 '19 at 07:03

score 0 · Answer 1 · answered May 21 '19 at 07:04

0

 For example this is my file form


 <form method="post" enctype="multipart/form-data">
            {% if makale.makale_foto %}
          <img class="img-fluid rounded" src="{{ makale.makale_foto.url }}" alt="">
              {% else %}
              <div class="alert alert-danger">Fotoğraf Eklenmemiş</div>
          {% endif %}
          {% csrf_token %} //this is csrf 
           {{ form|crispy }}
      <input type="submit" class="btn btn-info" style="width:100%" value="Kaydet">
      </form>

answered May 21 '19 at 07:04

İsa GİRİŞKEN

216
1
9

but there are many pages like views, model, URLs. In which page should I add it? – aryan May 21 '19 at 07:09
İn templates directory on html file under the
tag
– İsa GİRİŞKEN May 21 '19 at 15:12

score 0 · Answer 2 · answered May 21 '19 at 07:52

What you mean "There are many pages like views, model, URLs" ? You have wrong understanding about components (IMHO).

You should send csrftoken to server, every time you make HTTP POST request. Imagine that you have a form,,,

<form action="/" method="POST">
    <input type="text" name="name" />
    <input type="text" name="surname" />
    {% csrf_token %}  <!-- This template tag generates html "hidden" field with csrf token -->
    <input type="submit" value="click" />
</form>

If you are making Ajax Request, you must also send csrftoken on the server, there are many strategies of it. The most important is that Django has CsrfMiddleware which reads data from request.POST and request.COOKIES and compares each other. It's also possible avoid csrf protection. Read documentation carefully.

I am absolutely clueless. Do you mind showing me a picture of that? — aryan, May 21 '19 at 08:15
No, you should provide us more information about you html form, or ajax calls. — gachdavit, May 21 '19 at 08:17

"How to fix the 'csrf' error in 'Django'?"

2 Answers2