██FR█████ █INTELL███████████

Need Help Finalizing My Django-Based Research Study App (CSRF Issue)


This content originally appeared on DEV Community and was authored by Aditya Jadhav

Hey Dev Community! 👋

I’m working on a Django-based web application for a university research study that explores passphrases across different languages. I’ve built most of the core functionality, but I’ve hit a blocker I can’t seem to solve and could use your help.

🧠 Project Background

This is a user study platform (academic) where participants:

  • Log in or sign up
  • Consent to a study
  • Complete a series of language-based passphrase tasks

We use Django 5.2.1, and the app has:

  • Allauth (for auth, but only the backend currently)
  • Custom user flow
  • Consent form
  • Task-based progression (task1 → task2, etc.)

❗ Problem I’m Facing

After logging in (especially in a fresh or different browser), when the user clicks “Start the Study”, they hit this:
403 Forbidden: CSRF verification failed. Request aborted.

Despite having:

  • {% csrf_token %} in the form
  • CsrfViewMiddleware active
  • Proper CSRF_TRUSTED_ORIGINS and ALLOWED_HOSTS
  • Cookies confirmed in the browser
  • get_token(request) and @csrf_protect used

Still, the form POST fails on that “Start the Study” step.

✅ What Works

  • Viewing the home page after login also works.
  • Form displays the token correctly.
  • CSRF cookie is generated.
  • If I refresh or re-login, it sometimes works — it’s inconsistent.

💡 What I Think Might Help

  • Guidance on how to persist CSRF token between views properly?
  • Is get_token(request) necessary in views?
  • Anything to check in my session/cookie setup?

🔗 Project Info

  • Python 3.11 / Django 5.2.1
  • SQLite (for now)
  • Hosted locally (localhost:8000)
  • CSRF Cookie: Lax, Secure = False (for dev)
  • CSRF token is present in the form

📂 Want to Help?

If you’re interested in helping me wrap this up:

  • I am happy to discuss more via comments here!

Thank you in advance 🙏 — this is part of a real academic research study, so your contribution has meaningful impact!

P.S.: If you’ve solved a similar issue before, please drop some wisdom! I’ve debugged it for hours and feel close… but not quite there.


This content originally appeared on DEV Community and was authored by Aditya Jadhav