Jquery and Django CSRF Token
You are not passing the csrf token with POST. Try doing what I have done in data. That is to fetch the csrf token (or your own method) and pass it in your arguments.
$.ajax({ url : url, type: "POST", data : {csrfmiddlewaretoken: document.getElementsByName('csrfmiddlewaretoken')[0].value}, dataType : "json", success: function( data ){ // do something }});
If you are sending a POST request body it maybe easier to add the csrf token as a request header instead. I find this approach easier to read, as it does not clutter up the request body with a token. Most AJAX request will send the csrf token as a header as suggested by the Django documentation.
function startTest(testId) { var payload = JSON.stringify({ test_id : testId }); $.ajax({ url: "/test-service/", method: "POST", headers: {'X-CSRFToken': '{{ csrf_token }}'}, data: payload, dataType: "json" }).done(function(response) { console.log(response.id + " " + response.name); }).fail(function (error) { console.log(error); });}
From the docs on CSRF and AJAX:
The CSRF token is also present in the DOM, but only if explicitly included using csrf_token in a template. The cookie contains the canonical token; the CsrfViewMiddleware will prefer the cookie to the token in the DOM. Regardless, you’re guaranteed to have the cookie if the token is present in the DOM, so you should use the cookie!
Example (also from the docs)
// using jQueryfunction getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue;}var csrftoken = getCookie('csrftoken');Or any other way of interacting with cookies could be used.