I am running into a weird issue with Django CSRF tokens in my SPA.
When I render my application I ensure that the token is set using ensure_csrf_cookie
. When I check my cookies I see that csrftoken
is properly stored, and I'm also sending it as part of the request using:
headers: {
‘X-CSRFToken’: getCsrfTokenFromCookie(),
}
When I delete the csrfToken
cookie and refresh the page, a new csrfToken
is set but when I try to send my request, I get the error
message: "CSRF Failed: CSRF Token missing or incorrect."
But if I refresh the page again, the request sends successfully with the same csrfToken cookie!
I am not sure what is causing this inconsistency. Any thoughts?
Your issue may be similar to this question. If you force a full page refresh your issue may be solved.