[Fixed]-Django ajax post 403 forbidden


Got it working by adding {% csrf_token %} somewhere within the form in my template.


You can actually pass this along with your data: {csrfmiddlewaretoken: '{{csrf_token}}'}. It works all the time.


In my case I have a template in which I don’t want to have a <form></form> element. But I still want to make AJAX POST requests using jQuery.

I got 403 errors, due to the CSRF cookie being null, even though I followed the Django docs (https://docs.djangoproject.com/en/1.5/ref/contrib/csrf/). The solution is on the same page, which mentions the ensure_csrf_cookie decorator.

My CSRF cookie did get set when I added this at the top of my views.py:

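# Decorate the view that renders the page with @ensure_csrf_cookie so the response sets the CSRF cookie.
from django.views.decorators.csrf import ensure_csrf_cookie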

Also, please note that in this case you do not need the DOM element in your markup / template: {% csrf_token %}
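The client side of the form-less setup described in the answer above, as an added example that is not part of the original post: once ensure_csrf_cookie has set the cookie, the script reads it and sends it back in a request header, and only to its own origin. The helper names and the https://app.example origin are assumptions; csrftoken and X-CSRFToken are Django's default cookie and header names, and the options object is shaped for fetch() rather than jQuery.

```javascript
// Added example. Helper names are hypothetical; "csrftoken" and "X-CSRFToken"
// are Django's default CSRF cookie and header names.

// Return the value of one cookie from a document.cookie-style string, or null.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    if (eq !== -1 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Methods Django does not CSRF-check; they need no token.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only when the (possibly relative) URL resolves to the page's own origin.
function sameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Build fetch() arguments. The token is attached only to unsafe, same-origin
// requests, so it is never disclosed to another site.
function buildRequest(url, method, body, cookieString, pageOrigin) {
  const headers = { "Content-Type": "application/json" };
  if (!csrfSafeMethod(method) && sameOrigin(url, pageOrigin)) {
    const token = getCookie(cookieString, "csrftoken");
    if (token === null) {
      // Fail early on the client instead of waiting for the server's 403.
      throw new Error("csrftoken cookie missing: was the page view decorated with ensure_csrf_cookie?");
    }
    headers["X-CSRFToken"] = token;
  }
  const payload = body === undefined ? undefined : JSON.stringify(body);
  return { url, options: { method, headers, body: payload, credentials: "same-origin" } };
}

// In the browser:
//   const { url, options } = buildRequest("/api/vote/", "POST", { id: 1 },
//                                         document.cookie, location.origin);
//   fetch(url, options);
```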
