CSRF verification failed. Request aborted.

Forbidden (403)
CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF token missing or incorrect.
    

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

    Your browser is accepting cookies.
    The view function passes a request to the template's render method.
    In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
    If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
    The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

**跨站请求伪造（Cross-Stie Request Forgery,CSRF）漏洞，**是一种对网站的恶意利用，尽管听起来像跨站脚本（XSS），但它与XSS非常不同，XSS利用站点内的信任用户，而CSRF则通过伪装来自受信任用户的请求来利用受信任的网站。与XSS攻击相比，CSRF攻击往往不大流行（因此对其进行防范的资源也相当稀少）和难以防范，所以被认为比XSS更具危险性

可以这样理解：
攻击者盗用了你的身份，以你的名义发送恶意请求，对服务器来说这个请求是完全合法的，但是却完成了攻击者所期望的一个操作，比如以你的名义发送邮件、发消息，盗取你的账号，添加系统管理员，甚至于购买商品、虚拟货币转账等。

Django针对CSRF的保护措施是在生成的每个表单中放置一个自动生成的令牌，通过这个令牌判断POST请求是否来自同一个网站

解决办法一：

这里用到Django的模板，使用“模板标签”(TemplateTag)添加CSRF令牌，在from表单中添加 {% crrf_token %}

# index.html
...
<form method="post">
  <div >
    <input  name="username" placeholder="username"><br>
    <input  name="password" placeholder="password"><br>
    <div >
    <button type='submit' id='btn'>提交</button>
    </div>
 </div>
  {% csrf_token %}
</form>
...

再次，刷新页面并重新提交表单，即可正常访问

解决方法二：

直接忽略此检查，在 项目的 settings.py中注释掉 csrf即可

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    #'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

浅谈CSRF（Cross-site request forgery）跨站请求伪造（写的非常好）

CSRF具体参见：
https://www.cnblogs.com/liuqingzheng/p/9505044.html