Why we need {% csrf_token %}, what it's actual use?

To start a form we must need of csrf_token else errors will occur...

8/25/2019 5:24:38 AM

Prince Raj

5 Answers

New Answer


Wiki: https://en.wikipedia.org/wiki/Cross-site_request_forgery


This is to prevent a kind of web attack known as "Cross site request forgery" (or CSRF). You can look it up on google to read more about what it is.


Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. This is commonly exploited through forms hence the need for django to enforce it in the construction structure. in simple terms they are helping you to pay attention to security from the word go when working with django. check out this link:https://en.wikipedia.org › wiki › Cross-site_request_forgery




When we send get requests to server which contains forms. If we have csrf_token there then Server send csrf token( random string) with the form. Then when we submit that form with post request method. Server check that string (csrf token) to insure that this is same form send by server. It prevents random user to send post request. it Insure integrity . Though it is not necessary to use csrf token with form. It is only necessary with post method. If you use get request it is not required csrf token.