Django.fun

why am I getting a CSRF token missing or incorrect error?

why am I getting a CSRF token missing or incorrect error? I did put the {% csrf_token %} in my html, and the rest of my pages works well, only the delete not working. I am trying to delete a user from my database when the admin click on the delete button.

allstaff.html

{% extends "home.html" %}
{% block content %}
<style>
table {
    border-collapse:separate;
    border:solid black 1px;
    border-radius:6px;
    -moz-border-radius:6px;
}

td, th {
    border-left:solid black 1px;
    border-top:solid black 1px;
}

th {
    border-top: none;
}

td:first-child, th:first-child {
     border-left: none;
}



</style>


   <div style="padding-left:16px">
     <br>

 <div class="form-block">
     <table>
  <tr>
    <th>Staff Name</th>
      <th>Staff Username</th>
      <th>Email</th>
      <th>Date Joined</th>
      <th>Action</th>
  </tr>
         {% for user in allusername %}
         {% csrf_token %}



  <tr>
        <td>{{user.first_name}} {{user.last_name}}</td>
      <td>{{user.username}}</td>
      <td>{{user.email}}</td>
      <td>{{user.date_joined}}</td>
      <td><a class="btn btn-sm btn-info" href="{}">Update</a></td>
      <td>

          <form action="{% url 'delete' user.id %}" method="post">
          <button type="submit" class="btn btn-sm btn-danger">Delete</button>
      </form>
      </td>
     </tr>

{% endfor %}

</table>
     <br>
     <h6>*Note: You are 8 hours ahead of the server time.</h6>




</div>
   </div>
{% endblock %}

urls.py

urlpatterns = [
    #path('', views.index, name='index'),
    #path('login/', views.login_view, name='login_view'),
    path('register/', views.register, name='register'),
    path('adminpage/', views.admin, name='adminpage'),
    path('customer/', views.customer, name='customer'),
    path('logistic/', views.logistic, name='logistic'),
    path('forget/', views.forget, name='forget'),
    path('newblock/', views.newblock, name='newblock'),
    path('quote/', views.quote, name='quote'),
    path('profile/', views.profile, name='profile'),
    path('adminprofile/', views.adminprofile, name='adminprofile'),

    path('', views.login_user, name='login'),
    path('home/', views.home, name='home'),
    path('allstaff/', views.allstaff, name='allstaff'),
    #path('delete_order/<str:pk>/', views.deleteOrder, name="delete_order"),
    path('delete/<int:id>/', views.delete, name='delete'),
    path('logout/', views.logout_view, name='logout'),
    path('register/', views.register_view, name='register'),
    path('edit-register/', views.edit_register_view, name='edit_register'),


]

views.py

def delete(request, id):
    context = {}
    user = get_object_or_404(User, id=id)
    if request.method == "POST":
        user.delete()
        return HttpResponseRedirect("/home")
    return render(request, 'delete.html', context)

where do I do wrong, is my tag in the wrong position? if it is where should I put?

Answers: 0