Django CSRF framework cannot be disabled and is breaking my site

Yes, Django csrf framework can be disabled.

To manually exclude a view function from being handled by any CSRF middleware, you can use the csrf_exempt decorator, found in the django.views.decorators.csrf module. For example: (see doc)

from django.views.decorators.csrf import csrf_exempt                                          
def my_view:                                                                            
    return Httpresponse("hello world")

..and then remove {% csrf_token %} inside the forms from your template,or leave other things unchanged if you have not included it in your forms.

Leave a Comment