Hi Django Devs,

Got a problem where I don't understand what's going on or why it's gone missing.

The logs say:
csrf.py:process_view#184: Forbidden (CSRF token missing or incorrect.)


The necessary code is in there:

$("document").ready(function () {

    //------------------------------------
    //Setup X-CSRFToken header for
    //XHR requests.
    //------------------------------------
    $.ajaxSetup({
        beforeSend: function (xhr, settings) {
            function getCookie(name) {
                var cookieValue = null;
                if (document.cookie && document.cookie != '') {
                    var cookies = document.cookie.split(';');
                    for (var i = 0; i < cookies.length; i++) {
                        var cookie = jQuery.trim(cookies[i]);
                        // Does this cookie string begin with the name we want?
                        if (cookie.substring(0, name.length + 1) == (name + '=')) {
                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
                            break;
                        }
                    }
                }
                return cookieValue;
            }

            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
                // Only send the token to relative URLs i.e. locally.
                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
            }
        }
    });
});



However, on the Network DevTools, it shows that the CSRFToken is null

Host: django.project.localhost
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxx.xxx.xxx.xxx/someURL
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRFToken: null
X-Requested-With: XMLHttpRequest
Content-Length: 347
Connection: keep-alive
Cookie: cookiesession1=05D05AA6TMRNUKHVEOY2WSF7DYB0F3; csrftoken=CY9TvQT97LpOZDhF6xZldBrAX4Igyt; sessionid=1e4c34b81175fb33465c0197e4ec3a

So as we can see, the csrftoken is there, but the code is not able to get it
and store it in X-CSRFToken. Even though the code hasn't changed, now it's not
working.
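
Added example, not part of the original post: a cookie that is sent in the request's Cookie header but is absent from document.cookie is typically flagged HttpOnly (in Django, CSRF_COOKIE_HTTPONLY = True); that cause is an assumption here, the post does not confirm it. The code below (readCookie and csrfDecision are hypothetical names) falls back to the token rendered by {% csrf_token %} and cancels the request rather than sending the literal header value null.

```javascript
// Added example; readCookie and csrfDecision are hypothetical names.
// Parse a document.cookie-style string; return the named value or null.
function readCookie(cookieString, name) {
    var parts = (cookieString || '').split(';');
    for (var i = 0; i < parts.length; i++) {
        var part = parts[i].trim();
        if (part.substring(0, name.length + 1) === name + '=') {
            return decodeURIComponent(part.substring(name.length + 1));
        }
    }
    return null;
}

// Decide what beforeSend should do for one request.
// domToken: value of the hidden input rendered by {% csrf_token %}, if any.
function csrfDecision(settings, cookieString, domToken) {
    // Safe methods do not need a token.
    if (/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type || 'GET')) {
        return { action: 'skip' };
    }
    // Never send the token to absolute or protocol-relative URLs.
    if (/^(https?:)?\/\//i.test(settings.url)) {
        return { action: 'skip' };
    }
    var token = readCookie(cookieString, 'csrftoken') || domToken || null;
    if (!token) {
        // Without this branch the header goes out as the string "null".
        return { action: 'abort', reason: 'csrftoken not readable from JavaScript' };
    }
    return { action: 'set', value: token };
}

// Browser wiring (skipped outside a page with jQuery loaded).
if (typeof document !== 'undefined' && typeof jQuery !== 'undefined') {
    jQuery.ajaxSetup({
        beforeSend: function (xhr, settings) {
            var field = document.querySelector('[name=csrfmiddlewaretoken]');
            var d = csrfDecision(settings, document.cookie, field && field.value);
            if (d.action === 'abort') {
                console.error(d.reason + ' (is the cookie HttpOnly?)');
                return false; // returning false cancels the request
            }
            if (d.action === 'set') {
                xhr.setRequestHeader('X-CSRFToken', d.value);
            }
        }
    });
}
```

In the browser's storage inspector, the HttpOnly column for csrftoken shows whether script access is blocked.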
