Forbidden (403)

CSRF verification failed. Request aborted.

+{% if no_referer %} +

You are seeing this message because this HTTPS site requires a 'Referer + header' to be sent by your Web browser, but none was sent. This header is + required for security reasons, to ensure that your browser is not being + hijacked by third parties.

+ +

If you have configured your browser to disable 'Referer' headers, please + re-enable them, at least for this site, or for HTTPS connections, or for + 'same-origin' requests.

+{% endif %} +

Help

+ {% if reason %} +

Reason given for failure:

+    {{ reason }}
+

+ {% endif %} + +

In general, this can occur when there is a genuine Cross Site Request Forgery, or when + Django's + CSRF mechanism has not been used correctly. For POST forms, you need to + ensure:

+ +

Your browser is accepting cookies.
The view function uses RequestContext + for the template, instead of Context.
In the template, there is a {% templatetag openblock %} csrf_token + {% templatetag closeblock %} template tag inside each POST form that + targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use + csrf_protect on any views that use the csrf_token + template tag, as well as those that accept the POST data.

+ +

You're seeing the help section of this page because you have DEBUG = + True in your Django settings file. Change that to False, + and only the initial error message will be displayed.

+ +

You can customize this page using the CSRF_FAILURE_VIEW setting.