why am I getting a CSRF token missing or incorrect error?

why am I getting a CSRF token missing or incorrect error? I did put the {% csrf_token %} in my html, and the rest of my pages works well, only the delete not working. I am trying to delete a user from my database when the admin click on the delete button.


{% extends "home.html" %}
{% block content %}
table {
    border:solid black 1px;

td, th {
    border-left:solid black 1px;
    border-top:solid black 1px;

th {
    border-top: none;

td:first-child, th:first-child {
     border-left: none;


   <div style="padding-left:16px">

 <div class="form-block">
    <th>Staff Name</th>
      <th>Staff Username</th>
      <th>Date Joined</th>
         {% for user in allusername %}
         {% csrf_token %}

        <td>{{user.first_name}} {{user.last_name}}</td>
      <td><a class="btn btn-sm btn-info" href="{}">Update</a></td>

          <form action="{% url 'delete' %}" method="post">
          <button type="submit" class="btn btn-sm btn-danger">Delete</button>

{% endfor %}

     <h6>*Note: You are 8 hours ahead of the server time.</h6>

{% endblock %}

urlpatterns = [
    #path('', views.index, name='index'),
    #path('login/', views.login_view, name='login_view'),
    path('register/', views.register, name='register'),
    path('adminpage/', views.admin, name='adminpage'),
    path('customer/', views.customer, name='customer'),
    path('logistic/', views.logistic, name='logistic'),
    path('forget/', views.forget, name='forget'),
    path('newblock/', views.newblock, name='newblock'),
    path('quote/', views.quote, name='quote'),
    path('profile/', views.profile, name='profile'),
    path('adminprofile/', views.adminprofile, name='adminprofile'),

    path('', views.login_user, name='login'),
    path('home/', views.home, name='home'),
    path('allstaff/', views.allstaff, name='allstaff'),
    #path('delete_order/<str:pk>/', views.deleteOrder, name="delete_order"),
    path('delete/<int:id>/', views.delete, name='delete'),
    path('logout/', views.logout_view, name='logout'),
    path('register/', views.register_view, name='register'),
    path('edit-register/', views.edit_register_view, name='edit_register'),


def delete(request, id):
    context = {}
    user = get_object_or_404(User, id=id)
    if request.method == "POST":
        return HttpResponseRedirect("/home")
    return render(request, 'delete.html', context)

where do I do wrong, is my tag in the wrong position? if it is where should I put?

Answers: 0