Django - CSRF token missing or incorrect

I just updated my django to 1.4. But I am getting the following error when I try to submit my login form:

Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect.

In my settings.py (MIDDLEWARE_CLASSES) I had to remove the following line because its now deprecated:

'django.middleware.csrf.CsrfResponseMiddleware',

And than I started to to get this error.

Some necessary information: Urls.py

url(r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'registration/login.html'}, name='login')

MIDDLEWARE_CLASSES = (
    'django.middleware.gzip.GZipMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
#   'django.middleware.csrf.CsrfResponseMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
)

{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}



   <div id="text">
        <table>
          <form action="" method="post">
          {% csrf_token %}
            <tr>
                <td><label for="username">Email:</label></td>
                <td><input type="text" name="username" value="" id="username"></td>
            </tr>
            <tr>
                <td><label for="password">Password:</label></td>
                <td><input type="password" name="password" value="" id="password"></td>
            </tr>
            <tr>
                <td><input type="submit" value="Login" />
            {% if next %}
                <input type="hidden" name="next" value="{{ next }}" /></td>
            {% else %}
                <input type="hidden" name="next" value="/" /></td>
            {% endif %}
            </tr>
          </form>
        </table>


      {% if form.errors %}
        <p class="error">User or password incorrect</p>
      {% endif %}
    </div>
{% endblock %}

Does anyone knows how to solve this problem?

标签： django django-authentication django-csrf

3条回答

成全新的幸福

2楼-- · 2020-03-01 08:30

I had similar issue where my app was deployed on HTTPS. I had to change setting flag CSRF_COOKIE_HTTPONLY to false so client server can access csrf cookie.

0人赞添加讨论(0) 举报

Explosion°爆炸

3楼-- · 2020-03-01 08:34

The code looks fine, Django 1.3 and 1.4 auth.views.login uses RequestContext correctly. Please check:

Firstly clear data of browser and try again
What's the value of submitted csrfmiddlewaretoken
Do you import correct Django?
Just make sure, is there UserWarning in console like?: "A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext."

0人赞添加讨论(0) 举报

Summer. ? 凉城

4楼-- · 2020-03-01 08:54

For 1.3 and 1.4, "django.middleware.csrf.CsrfResponseMiddleware" should be named "django.middleware.csrf.CsrfViewMiddleware"
Also, for me clearing Google Chrome's cookies made it work.

0人赞添加讨论(0) 举报

Django - CSRF token missing or incorrect

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间