When working with Django and third party libraries, you may encounter a CSRF error on login or any other form submission. This is because Django requires a CSRF token to be sent with every form submission except GET requests or if the form has the csrf_exempt decorator.
During my work with Django, I have encountered this error many times, sometimes due to my own mistakes and sometimes due to third party libraries or user behavior.
The default behavior of Django is to raise a CSRF error and return a 403 page with a message that the CSRF token is missing or incorrect. This is not a very user friendly message and can be confusing to users.
But if you look closely at the error message, you will see that it is possible to customize the CSRF_FAILURE_VIEW in Django.
How to Customize CSRF Failure View Django
First of you need to edit your settings.py file and add the following line:
CSRF_FAILURE_VIEW = 'myapp.views.csrf_failure'
The CSRF_FAILURE_VIEW setting is a string that points to a view function that will be called when a CSRF error occurs. The view function should return an HttpResponse object.
In your views.py file, you can add the following code:
from django.shortcuts import render
def csrf_failure(request, reason=""):
"""Default view for CSRF failures."""
return render(
request,
"403_csrf.html",
{"reason": reason},
status=403,
)
The 403_csrf.html is a template file that you can create in your templates folder. You can use the following code in your template file:
{% extends "base.html" %}
{% block title %}403 Forbidden{% endblock %}
{% block content %}
<h1>403 Forbidden</h1>
<p>{{ reason }}</p>
{% endblock %}
You can customize the template file as you like.
Final tip
More often than not, the CSRF error is caused by a login issue in the user side, the most common cause is that the user is refreshing the page after logging in or the user is using the back button to go back to the login page.
To avoid this issue, in my 403_csrf.html template file, I have added a link to the login page so that the user can go back to the login page and login again.
{% extends "base.html" %}
{% block title %}403 Forbidden{% endblock %}
{% block content %}
<h1>403 Forbidden</h1>
<p>{{ reason }}</p>
<p><a href="{% url 'login' %}">Login</a></p>
{% endblock %}
Conclusion
This is how you can customize the CSRF failure view in Django. I have find that this greatly improves the user experience and reduces the number of support tickets that I have to deal with.
I hope you have found this article useful.
I hope this article was helpful, if you have any question or suggestion, feel free to reach out to me on :
- By email at [email protected].
- If you want to know more about me, you can check out my about page.
You can use my articles with no cost or attribution, feel free to edit them and make them your own.