CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.
If you are using the <meta name="referrer" content="no-referrer"> tag or including the 'Referrer-Policy: no-referrer' header, please remove them. The CSRF protection requires the 'Referer' header to do strict referer checking. If you're concerned about privacy, use alternatives like <a rel="noreferrer" ...> for links to third-party sites.
Reason given for failure:
Referer checking failed - no Referer.
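The strict Referer check described above can be modelled in a few lines. This is an added example, not Django's own code: the function name, the trusted_hosts parameter, the sample hostnames and every reason string except the one quoted on this page are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Reason text for the missing-header case is the one quoted on this page;
# the other reason strings are illustrative wording for this sketch.
NO_REFERER = "Referer checking failed - no Referer."


def strict_referer_check(is_secure, host, referer, trusted_hosts=()):
    """Return None if the request passes, else a rejection reason.

    is_secure     -- True when the request arrived over HTTPS
    host          -- value of the Host header, e.g. "shop.example"
    referer       -- value of the Referer header, or None if absent
    trusted_hosts -- extra hostnames allowed to submit forms (assumed setting)
    """
    if not is_secure:
        # The page describes the check for HTTPS sites only; plain-HTTP
        # requests are outside this sketch.
        return None
    if not referer:
        return NO_REFERER
    try:
        parts = urlsplit(referer)
    except ValueError:
        return "Referer is malformed."
    if not parts.scheme or not parts.netloc:
        return "Referer is malformed."
    if parts.scheme != "https":
        # An http:// page can be altered in transit, so it must not be
        # allowed to drive state-changing requests on the https:// site.
        return "Referer is insecure while host is secure."
    allowed = {host.lower(), *(h.lower() for h in trusted_hosts)}
    if parts.netloc.lower() not in allowed:
        return f"Referer host {parts.netloc!r} is not trusted."
    return None


# Constructed sample requests: (is_secure, Host, Referer)
SAMPLES = [
    (True, "shop.example", "https://shop.example/cart/"),
    (True, "shop.example", None),
    (True, "shop.example", "http://shop.example/cart/"),
    (True, "shop.example", "https://other.example/form.html"),
]

if __name__ == "__main__":
    for secure, host, ref in SAMPLES:
        print(ref, "->", strict_referer_check(secure, host, ref) or "accepted")
```

The second sample reproduces the failure reported on this page: an HTTPS POST whose Referer was stripped is rejected even though it came from the site's own form.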
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
The view function passes a request to the template's render method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.