csrf_token
should be placed in both the forms, as long as both are being accessed on the server side via GET
or POST
, and YES you can use the same csrf_token
for both the forms without any issues.
You can do something like
<form action="." >{% csrf_token %}
{{form1.as_p}}
</form>
when you do data=form.serialize()
, the csrf
token is automatically serialized in the data
of the ajax request.
The reason multiple {% csrf_token %}
works is because all the token does is provide information for validation that a form request is from a valid (untampered) user session.