CSRF token missing?

I have a project called django_swing. Within this project i have 2 different app. One is interface and the other is users.
Within the django_swing folder for urls.py, I have the following:

path('login/', auth_views.LoginView.as_view(template_name='users/login.html'), name='login'),
path('register/', user_views.register, name='register'),

Within the users folder for views.py, I have the following:

def register(request):
    if request.method == 'POST':
        form = UserCreationForm(request.POST)
        if form.is_valid():
            form.save()
            username = form.cleaned_data.get('username')
            messages.success(request, f'Account created for {username}!')
            return rediect('login')
    else:
        form = UserCreationForm()
    return render(request, 'users/register.html', {'form':form})

Using the link of 127.0.0.1/register, i get the output from register.html which has the following:

<body>
        <div class="content-page">
            <div class="content">
            <form method="POST">
                {% csrf_token %}
                <fieldset>
                    <legend>Register here</legend>
                    {{form.as_p}}
                </fieldset>
                <button class="btn btn-primary" type="submit">Sign Up</button>
            </form>
            </div>
            </div>
    </body>

But when i key in a new account and press sign up, I get the following : CSRF verification failed. Request aborted. I already have the following {% csrf_token %} in the html though

Have you followed all the steps in the How to use it section of the CSRF protection docs? (Specifically, is your Middleware configured for this?)

Do you have any forms working with the CSRF token, or are all of them failing? (Or is this the only one so far?)

Have you looked at the rendered page in the browser to verify that the csrf_token is present in the html form?

Have you verified in your browsers network tab that the csrf_token is being passed back to the server in the POST data?

Thanks for the quick reply. Yes it is set up properly.
I have other pages within interface that uses form with CSRF token and it worked. This is the only page that is not working so far.
All i can see from the browser network tab currently is 403 forbidden

You can look at the headers (and the cookies) for the request that is getting the 403 response to verify that the token is being returned to the server.

(You can look at one that you know is working first to see what you’ll be looking for in this case.)

You’ll want to compare what’s being rendered in the page to what you’re sending back.

To be honest, I still don’t know why I am looking for.
This the output after i clicked sign up.


I compared it with one of my working pages, there seems to be not much differences except for number of requests and some warning.
This is the output from one of my other page

In your first image, about in the middle, there’s a line that starts with “register/” showing the 403 response code.

If you click on the word “register/”, another panel appears, allowing you to see more details about the request.

The first tab on that panel is labeled “Headers”. Scroll to the bottom of that and you will see the form data being submitted. One of those fields should be “csrfmiddelwaretoken”. It should match an input field in your form that should look basically like this:
<input type="hidden" name="csrfmiddlewaretoken" value="(bunch of letters and numbers)">

1 Like

Sorry for the late reply. Oh okay. Thanks for explaining this as I didnt know how to use this. But the issue is solved currently