[Solved]-Django: Forbidden (CSRF cookie not set.)


If you have set the CSRF_COOKIE_SECURE to be True in your settings file, then the cookie will be marked as “secure” and therefore will need an HTTPS connection.

Which is why you receive that error.

For more information here.



I modify urls.py

If you manage your routes in urls.py, you can wrap your desired routes with csrf_exempt() to exclude them from the CSRF verification middleware.

from django.conf.urls import patterns, url
from django.views.decorators.csrf import csrf_exempt
from . import views

urlpatterns = patterns('',
    url(r'^object/$', csrf_exempt(views.ObjectView.as_view())),

In views.py

class ObjectView(CreateView):

    def post(self, request):
        if request.method == 'POST':
             #enter you view


I found the solution here:
Django Rest Framework remove csrf

I use in some parts of the system the DRF and maybe it was generating the CSRF error and ignoring the csrf_exempt decorator.


CSRF_TRUSTED_ORIGINS = ['https://<my_domain>.com']

the code above work like margic

Leave a comment