Jordan Has a Blog

Django 1.2 - CSRF Verification Failed. Request Aborted.

I was getting this 403 error today while attempting to make a POST request to a view:

403 Forbidden

CSRF verification failed. Request aborted.

Help Reason given for failure:

CSRF cookie not set.

Edit 10/29/2010: I’ve modified this post to only contain the proper way of resolving the issue. You can read about Cross Site Request Forgeries here and Django’s protection mechanisms here.

To resolve the 403, add the csrf_token template tag somewhere inside your form. It renders a hidden div containing an input whose value is the CSRF token:

anything.html
<form action="..." method="POST">
    {% csrf_token %}
    ...
</form>

If you’d rather not protect a view with Django’s built-in CSRF mechanisms, use the csrf_exempt decorator. The decorated view then accepts POST requests without a token:

views.py
from django.views.decorators.csrf import csrf_exempt
...
@csrf_exempt
def my_func(request):
    ...
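
To show what the two fixes above change, here is a simplified stdlib-only model of the cookie-versus-form-field comparison behind the 403. It is an added example, not Django's source or code from the original post: `check_csrf`, the toy `csrf_exempt`, the sample views and the second reason string are constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
COOKIE_NAME = "csrftoken"            # Django's default CSRF cookie name
FIELD_NAME = "csrfmiddlewaretoken"   # hidden input rendered by {% csrf_token %}


def csrf_exempt(view):
    """Toy stand-in for the decorator: flag the view so the check is skipped."""
    view.csrf_exempt = True
    return view


def check_csrf(view, method, cookies, post):
    """Return (status, reason) for a request, modelling the middleware decision."""
    if getattr(view, "csrf_exempt", False) or method in SAFE_METHODS:
        return 200, "not checked"
    cookie = cookies.get(COOKIE_NAME)
    if not cookie:
        return 403, "CSRF cookie not set."  # the reason shown in the post
    submitted = post.get(FIELD_NAME, "")
    # Constant-time comparison of the form field against the cookie value.
    if not hmac.compare_digest(cookie.encode(), submitted.encode()):
        return 403, "token missing or incorrect"  # this model's own wording
    return 200, "token matches cookie"


def protected_view(request):
    return "ok"


@csrf_exempt
def exempt_view(request):
    return "ok"


def demo():
    token = secrets.token_hex(16)    # constructed sample token
    cookies = {COOKIE_NAME: token}
    return [
        check_csrf(protected_view, "POST", {}, {}),                   # no cookie
        check_csrf(protected_view, "POST", cookies, {}),              # form lacks the tag
        check_csrf(protected_view, "POST", cookies, {FIELD_NAME: token}),
        check_csrf(protected_view, "POST", cookies, {FIELD_NAME: "forged"}),
        check_csrf(exempt_view, "POST", {}, {}),                      # check skipped
    ]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

The last case is the one to watch in review: an exempt view returns 200 with neither cookie nor token, so any cross-site POST reaches it.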
