I think the problem is in your code. Just read the Django code.
The error is in this block:

```python
if not constant_time_compare(request_csrf_token, csrf_token):
    logger.warning('Forbidden (%s): %s',
        REASON_BAD_TOKEN, request.path,
        extra={
            'status_code': 403,
            'request': request,
        }
    )
    return self._reject(request, REASON_BAD_TOKEN)
```

So you, the front-end script, send a csrf_token that is not equal to the one in the cookies (which the browser sends).
The following code works.
Tpl
```html
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
</head>
<body>
    <a href="javascript:" class="req1">req1</a>
    <a href="javascript:" class="req2">req2</a>
    <br>
    <form id="foo" action="" method="POST">{% csrf_token %}
        {{ form.as_p }}
        <input type="submit">
    </form>
    <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
    <script type="text/javascript">
        $(document).ready(function(){
            $('.req2').click(function(){
                var form1 = $.post(
                    '',
                    $('#foo').serialize(),
                    function(data){console.log(data)}
                );
            })
            $('.req1').click(function(){
                var form1 = $.post(
                    '',
                    $('#foo').serialize(),
                    function(data){console.log(data)}
                );
            })
        })
    </script>
</body>
</html>
```
View
```python
from django import forms
from django.http import HttpResponse
from django.shortcuts import render
from django.views.decorators.csrf import csrf_protect


class TestForm(forms.Form):
    test_field = forms.CharField()


@csrf_protect
def home(request):
    if request.method == 'POST':
        form = TestForm(request.POST)
        if form.is_valid():
            return HttpResponse('all ok')
    else:
        form = TestForm()

    return render(request,
        'page.html',
        {
            'form': form,
        },
    )
```
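An added example, not part of the answer above and not Django's own code: a simplified stand-alone model of the comparison the quoted block performs, showing which requests pass and which are rejected. The function names and reason strings are constructed for illustration, it uses Django's default names `csrftoken`, `csrfmiddlewaretoken` and `X-CSRFToken`, and it ignores the per-response token masking that newer Django versions apply.

```python
import hmac
import secrets

# Constructed reason strings for this sketch; the quoted snippet only names REASON_BAD_TOKEN.
REASON_NO_COOKIE = "no csrf cookie"
REASON_BAD_TOKEN = "csrf token missing or incorrect"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def check_csrf(method, cookies, post, headers):
    """Return None if the request passes, otherwise the rejection reason."""
    if method in SAFE_METHODS:
        return None  # read-only requests are not checked
    cookie_token = cookies.get("csrftoken")
    if not cookie_token:
        return REASON_NO_COOKIE
    # Token submitted by the page: form field first, then the AJAX header.
    submitted = post.get("csrfmiddlewaretoken") or headers.get("X-CSRFToken", "")
    # Constant-time comparison, the role constant_time_compare plays in the snippet.
    if not hmac.compare_digest(submitted.encode(), cookie_token.encode()):
        return REASON_BAD_TOKEN
    return None


def demo():
    """Run constructed sample requests through the check."""
    token = secrets.token_hex(16)  # value the server set in the cookie
    stale = secrets.token_hex(16)  # e.g. a token a script cached before the cookie changed
    cookies = {"csrftoken": token}
    return {
        "form_field": check_csrf("POST", cookies, {"csrfmiddlewaretoken": token}, {}),
        "ajax_header": check_csrf("POST", cookies, {}, {"X-CSRFToken": token}),
        "stale_token": check_csrf("POST", cookies, {"csrfmiddlewaretoken": stale}, {}),
        "token_omitted": check_csrf("POST", cookies, {}, {}),
        "no_cookie": check_csrf("POST", {}, {"csrfmiddlewaretoken": token}, {}),
        "get_request": check_csrf("GET", {}, {}, {}),
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:14} -> {reason or 'accepted'}")
```

Serializing the form, as the template above does with `$('#foo').serialize()`, corresponds to the `form_field` case because the rendered `{% csrf_token %}` input travels with the POST body.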