Forbidden (403) CSRF verification failed. Request aborted.

Using Django Forms & APIs
1

If any user disabled cookies then csrf verification will fail. How to set up csrf at this time? I am using Django traditional form submission instead of Ajax. And I already included {% csrf_token %} inside the Django form. For testing purposes, I disabled all the cookies. So without cookies, how to set up csrf and submit the form?


MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
 ....
    
]

<form action="{% url 'home' %}" method="POST" id="my-form">
    <input type="text" name="fname" >
    {% csrf_token %}
    <button type="submit">Submit</button>
</form>
2

There is an options to have the token stored in sesson instead of a cookie, see Settings | Django documentation | Django.

However, if cookies aren’t allowed, then the user isn’t going to properly support sessions, either. See How to use sessions | Django documentation | Django

Do what we do - require autheticated users enable cookies for your site. It’s functionally required.

3

I already tried with CSRF_USE_SESSIONS = True and migrate. But still getting the same error while disabling the cookie and submitting post request.

4

Right. That’s what I tried to point out in my reply. It’s not designed to work when cookies are disabled.