Django – CSRF verification failed. Request aborted.


When trying to access your Django site within CSRF configured you receive the following via a Forbidden (403) HTTP error message:

CSRF verification failed. Request aborted.
No CSRF or session cookie.


In my scenario I found that the order of settings.MIDDLEWARE_CLASSES was incorrect. Below shows you an example


from django.shortcuts import render_to_response
from django.template import RequestContext

def input(request):
    return render_to_response(‘input.html’, context_instance=RequestContext(request))

def output(request):
    if ‘q’ in request.POST:
        message = request.POST[‘q’]
        message = ‘error’
    return render_to_response(‘output.html’, {‘message’: message}, context_instance=RequestContext(request))



  <form action=”/output/” method=”POST”>
  {% csrf_token %}
    <input type=”text” name=”q”>
    <input type=”submit” value=”input”>


Rick Donato

Want to become a Django expert?

Here is our hand-picked selection of the best courses you can find online:
The Complete Web Development Bootcamp course
Django Practical Guide course
Django Full Stack Developer Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial