I'm trying to using AJAX POST with Django as per the docs - this works fine if I'm logged in to the site. But if I'm logged out or using incognito, my csrftoken is not being set - I've tried putting {{csrf_token}}
to check, which returns the value NOTPROVIDED
.
What could be causing the token not to generate?
- I'm using
render
so I don't think it's a context processor issue - The
django.middleware.csrf.CsrfViewMiddleware
is present, and I've not changed any default csrf settings - The
ensure_csrf_cookie
decorator works fine
I'm running Django 1.7.
Simplified version of the view (without the ensure_csrf_cookie
decorator):
def pg2(request, **kwargs):
name_slug = kwargs.pop('name_slug')
num_guests = request.session['guests']
date = request.session['date']
venue = get_object_or_404(Venue, name_slug=name_slug)
try:
rental = request.session['rental']
except:
rental = None
filtered_items = Item.objects.filter(venue_id=venue.pk)
context = {'venue':venue, 'rental':rental, 'filtered_items':filtered_items}
return render(request, 'app/pg2.html', context)
My middleware in settings:
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.common.BrokenLinkEmailsMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'project.middleware.SecureRequiredMiddleware', # to add SSL
)