django no csrftoken in cookie
I'm testing to make a POST ajax request and I got a 403 because of no csrftoken. I followed the Document, however, it still doesn't work and I found that the cookie named csrftoken is empty, it means $.cookie("csrftoken") return null.
Can someone tell me the reason and how to set csrftoken into cookie?
Answer
I think you should provide the code how you get the csrf token in your HTML/JS code and settings for your middlewares.
First of all you should check that django.middleware.csrf.CsrfViewMiddleware is turned on.
I had a similar issue, when in python code I used request.META.get('CSRF_COOKIE') to get the token.
When you use this token in template - {% csrf_token %} Django notes that the token was rendered and sets the Cookie in CsrfViewMiddleware.process_response. If you get the token value in other way Django will miss this flag. So it will generate you a token but will not set the corresponding cookie.
I have 2 workarounds in code. You should add it to your views that are used to generate templates with JS code.
1. You can force Django to set the CSRF Cookie:
# Force updating CSRF cookie
request.META["CSRF_COOKIE_USED"] = True
2. Django sets the CSRF_COOKIE_USED automatically if you call get_token
from django.middleware.csrf import get_token
# don't use direct access to request.META.get('CSRF_COOKIE')
# in this case django will NOT send a CSRF cookie. Use get_token function
csrf_token = get_token(request)
Each one of this solutions should work separately. I advice to use get_token