403 Forbidden error when making an ajax Post request in Django framework

Because you did not post the csrfmiddlewaretoken, so Django forbid you.this document can help you.

For the lazy guys:

First download cookie: http://plugins.jquery.com/cookie/

Add it to your html:

<script src="{% static 'designer/js/jquery.cookie.js' %}"></script>

Now you can create a working POST request:

var csrftoken = $.cookie('csrftoken');function csrfSafeMethod(method) {    // these HTTP methods do not require CSRF protection    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));}$.ajaxSetup({    beforeSend: function(xhr, settings) {        if (!csrfSafeMethod(settings.type) && !this.crossDomain) {            xhr.setRequestHeader("X-CSRFToken", csrftoken);        }    }});$.ajax(save_url, {    type : 'POST',    contentType : 'application/json',    data : JSON.stringify(canvas),    success: function () {        alert("Saved!");    }})

The fastest solution if you are not embedding js into your template is:

Put <script type="text/javascript"> window.CSRF_TOKEN = "{{ csrf_token }}"; </script> before your reference to script.js file in your template, then add csrfmiddlewaretoken into your data dictionary:

$.ajax({            type: 'POST',            url: somepathname + "do_it/",            data: {csrfmiddlewaretoken: window.CSRF_TOKEN},            success: function() {                console.log("Success!");            }        })

If you do embed your js into the template, it's as simple as: data: {csrfmiddlewaretoken: '{{ csrf_token }}'}