Django: Forbidden (CSRF cookie not set.)

I modify urls.py

If you manage your routes in urls.py, you can wrap your desired routes with csrf_exempt() to exclude them from the CSRF verification middleware.

from django.conf.urls import patterns, url
from django.views.decorators.csrf import csrf_exempt
from . import views

urlpatterns = patterns('',
    url(r'^object/$', csrf_exempt(views.ObjectView.as_view())),
    ...
)

In views.py

class ObjectView(CreateView):

    def post(self, request):
        if request.method == 'POST':
             #enter you view

If you have set the CSRF_COOKIE_SECURE to be True in your settings file, then the cookie will be marked as "secure" and therefore will need an HTTPS connection.

Which is why you receive that error.

For more information here.