Skip to main content

Posts

Showing posts from July, 2020

How to resolve Forbidden(403) if Djangos CSRF mechanism has not been used in POST method

Are you a newbie to Django like me. ? if yes , you would have come across "Forbidden (403)" when you are using forms or when you have used ajax post method to your app view and have not used CSRF mechanism properly. Below are ways I have resolved the 403 issue. Even before we see how CSRF should be used , we will see what CSRF is actually for. Cross Site Request Forgery protection " The CSRF middleware and template tag provides easy-to-use protection against Cross Site Request Forgeries. This type of attack occurs when a malicious website contains a link, a form button or some JavaScript that is intended to perform some action on your website, using the credentials of a logged-in user who visits the malicious site in their browser. A related type of attack, ‘login CSRF’, where an attacking site tricks a user’s browser into logging into a site with someone else’s credentials, is also covered."  Please see:   https://docs.djangoproject.com/en/3.0/ref/csrf/#module-djan...