Issues with CSRF post Python 3.6 Upgrade

Hello,

I recently joined a team that was using Django 1.11 and Python 2. Recently we set up a new Python 3.6 virtual environment and migrated our Django 1.11 code over to the new venv. We left all of the database configurations intact and made no changes to the Django settings.py. We have successfully started the new Django instance and everything appears to be working as expected; however, our forms that are protected by CSRF are throwing 403 errors (Reason given: CSRF token missing or incorrect.)

I’m not sure if we missed something, or if there is something we need to reset, but the only way we have been able to get around this is to use the @csrf_exempt decorator which isn’t something we really want to do.

Any ideas or pointers would be greatly appreciated.

Thank you!

Having never run into anything like this, I don’t have any specific information, other than just starting at the beginning and working things through.

First, I’d make sure there’s nothing being cached in the browser that might be causing problems. I’d clear all cookies and stored data.

Then I’d look at the form in the browser’s developer tools to verify that the token has been rendered and is present in the page.

Then I’d look at the POST being sent to the server from the developer tools network tab to verify that the token was being returned. Where I’d go from there would depend upon what I’ve found out so far.

Ken

I’d highly suspect Python 2/3 bytes versus string mixup.

Searching the ticket tracker reveals some related issues: https://duckduckgo.com/?t=ffab&q=site%3Acode.djangoproject.com+csrf+python+3&ia=web

(Btw I wrote a blog post on upgrading 2 to 3, that may help with your upgrade in general: https://adamj.eu/tech/2016/08/24/upgrading-yplan-to-python-3-with-zero-downtime/ )

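Added example, not code from any reply in this thread: a standard-library Python 3 check for the two things suggested above (is the token rendered in the form, and is it sent back in the POST), which also flags a value that looks like a bytes repr, the usual trace of a Python 2/3 bytes versus string mix-up. It assumes Django's default field name csrfmiddlewaretoken and the 64-character alphanumeric token format of Django 1.10+; the sample page and POST bodies are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs

FIELD = "csrfmiddlewaretoken"              # Django's default hidden-field name
TOKEN_RE = re.compile(r"[A-Za-z0-9]{64}")  # assumed format: Django 1.10+ token


class _TokenFinder(HTMLParser):
    """Collects the value of every <input name="csrfmiddlewaretoken">."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == FIELD:
            self.values.append(a.get("value") or "")


def classify(token):
    """Return 'missing', 'bytes-repr', 'malformed' or 'ok' for one token value."""
    if not token:
        return "missing"
    # str(b"abc") on Python 3 gives "b'abc'": the trace of a bytes/str mix-up.
    if re.fullmatch(r"b(['\"]).*\1", token):
        return "bytes-repr"
    return "ok" if TOKEN_RE.fullmatch(token) else "malformed"


def check_form(html):
    """Classify the token rendered in a page (view-source or a saved response)."""
    finder = _TokenFinder()
    finder.feed(html)
    return classify(finder.values[0] if finder.values else None)


def check_post(body):
    """Classify the token in a urlencoded POST body copied from the network tab."""
    values = parse_qs(body, keep_blank_values=True).get(FIELD, [])
    return classify(values[0] if values else None)


# Constructed samples (not taken from the thread).
GOOD = "aB3" * 21 + "x"  # 64 characters
TEMPLATE = '<form method="post"><input type="hidden" name="%s" value="%s"></form>'
PAGE_OK = TEMPLATE % (FIELD, GOOD)
PAGE_BYTES = TEMPLATE % (FIELD, "b&#39;" + GOOD + "&#39;")
PAGE_NONE = '<form method="post"><input name="q"></form>'
```

A 'bytes-repr' or 'malformed' result on the rendered form points at the server side (template or middleware); 'ok' on the form but 'missing' on the POST points at the client or at something between client and server.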