To prevent such attacks, you must add the csrftoken template tag to the form, which adds a hidden input field containing a token that gets sent with each POST request. Cross Site Request Forgery protection | Django — This should not be done for POST forms that target external URLs, since that would cause the CSRF token toDjango with Ajax, a modern client-server communication — Now Dont forget to place csrftoken next to the form tag in base.html. Django in its docs has defined to actually set the header on AJAX request, while protecting the CSRF token from being sent to other domains using settings.crossDomain in jQuery 1.5.1 and newer.return cookieValue var csrftoken getCookie(csrftoken) Now comes the Ajax part. Instead of doing a normal submit , let us have an Ajax post block in our HTML file. Django relies on csrf token for the validity of data posted to the server.var csrftoken getCookie(csrftoken) Im also using the "django.middleware.csrf.CsrfViewMiddleware" middleware. I tried to follow the the middleware code and I know that it fails on this: Requestcsrftoken request.META.get(HTTPXCSRFTOKEN, ). If youre using SessionAuthentication youll need to include valid CSRF tokens for any POST, PUT, PATCH or DELETE operations. In order to make AJAX requests, you need to include CSRF token in the HTTP header, as described in the Django documentation. I could use some help complying with Djangos CSRF protection mechanism via my AJAX post. Ive followed the directions hereThe difference between Django 1.2.4 and 1.2.5 was the requirement for a CSRF token for AJAX requests. I load the child page using .load() method and then when the button is clicked it runs a . ajax .