The MIDDLEWARE_CLASSES setting looks good.
This is the basic code you should use for CSRF protection:
from django.shortcuts import render
from django.views.decorators.csrf import csrf_exempt, csrf_protect
# csrf_protect applies Django's CSRF check to this view: a POST that does not
# carry a valid token is rejected instead of reaching the view body.
# The opposite decorator, csrf_exempt, switches that check off for the view.
# It is left commented out because an exempt view accepts forged cross-site
# POSTs.
# @csrf_exempt
@csrf_protect
def show_rates(request, doc_id, template_name='rate.html'):
    """Render ``template_name`` with the view's local variables as context.

    The view logic itself is elided (``...``) in this example.

    Args:
        request: The incoming HttpRequest.
        doc_id: Identifier passed to the view; presumably captured from the
            URL. Its use is in the elided body.
        template_name: Template to render; defaults to ``'rate.html'``.

    Returns:
        The HttpResponse produced by ``render``.
    """
    ...
    # locals() is a dict of every local name in this function: request,
    # doc_id, template_name and whatever the elided body binds. The template
    # can therefore read all of them.
    # NOTE(review): an explicit dict holding only the values the template
    # needs avoids exposing data to the template by accident.
    return render(request, template_name, locals())
<form method="POST" action="">
  {# Required: csrf_token renders the hidden token field that Django's CSRF check validates on POST. #}
  {# Without it the submission is rejected with a 403. Use it only in forms that post to your own site. #}
  {% csrf_token %}
  {{ form.as_table }}
  <div class="row-fluid">
    <div class="span10">
    </div>
    <div class="span2">
      <button class="btn btn-block btn-primary" type="submit">Rate</button>
    </div>
  </div>
</form>