I am getting this when I run my django site's form:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
request
to the template's render
method.{% csrf_token %}
template tag inside each POST form that targets an internal URL.CsrfViewMiddleware
, then you must use csrf_protect
on any views that use the csrf_token
template tag, as well as those that accept the POST data.You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False
, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
This is the form:
from django import forms
from django.shortcuts import render
from django.http import HttpResponseRedirect
CARRIER_CHOICES =(
('@txt.freedommobile.ca', 'Freedom Mobile'),
('@txt.luckymobile.ca', 'Lucky Mobile'),
)
class RegisterForm (forms.Form):
username = forms.CharField()
password = forms.CharField()
check_password = forms.CharField()
phone = forms.IntegerField(required=False)
carrier = forms.ChoiceField(choices=CARRIER_CHOICES, required=False)
def register (request):
if request.method == 'POST':
form = RegisterForm(request.POST)
if form.is_valid():
if password == check_password:
phone = str(phone)
# carrier_txt = 'txt'
# carrier_domain = 'freedommobile'
# carrier_web = 'ca'
# email = phone + '@' + carrier_txt + '.' + carrier_domain + '.' + carrier_web
email = phone + carrier
print (email)
elif password != check_password:
form = RegisterForm(request.POST)
return render (request, 'register.html', {'form': form})
else:
form = RegisterForm(request.POST)
return render (request, 'register.html', {'form': form})
and this is the HTML:
{% include 'base.html' %}
<head>
<title>Register</title>title>
</head>
<body>
<h1>Register</h1>
<form action="." method="POST">
<table>
{{ form.as_table }}
</table>
<p><input type="submit" value="Submit"></p>
</form>
</body>
@ Kovy.Jacob this is due to missing csrf_token in your html form. You need to add like this in your html ,