The {% csrf_token %} tag must be included in all Django forms.

This will generate a hidden input in the form like this:

<input type="hidden" name="csrfmiddlewaretoken" value="ogCnWDqYM5XnnkQWaVz49uLeEj5qYYh3RGTnMEAKy3zYsiWZx4PNoCm2ata02pjR">

This value will be checked using Django’s built-in middleware to protect against cross site request forgery.