The {% csrf_token %} tag must be included in all Django forms.
This will generate a hidden input in the form like this:
<input type="hidden" name="csrfmiddlewaretoken" value="ogCnWDqYM5XnnkQWaVz49uLeEj5qYYh3RGTnMEAKy3zYsiWZx4PNoCm2ata02pjR">
Django’s built-in middleware checks this value to protect against cross-site request forgery (CSRF).
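A check for the rule above, as an added example that is not part of the original page: a standard-library Python scanner that reports POST forms in a template that lack {% csrf_token %}. The function name, regexes and sample template are constructed for illustration; it limits itself to POST forms because Django's CSRF middleware only validates unsafe methods such as POST.

```python
import re

# A whole <form ...>...</form> element: group 1 = attributes, group 2 = body.
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.IGNORECASE | re.DOTALL)
METHOD_RE = re.compile(r"""\bmethod\s*=\s*["']?\s*([a-zA-Z]+)""", re.IGNORECASE)
# The tag itself, tolerating spacing variants such as {%csrf_token%}.
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")
# Template comments: a commented-out tag renders nothing and must not count.
COMMENT_RE = re.compile(
    r"\{#[^\n]*?#\}|\{%\s*comment\b[^%]*%\}(?s:.*?)\{%\s*endcomment\s*%\}"
)

# Constructed sample template (not from the original page).
SAMPLE_TEMPLATE = """\
<form method="post" action="{% url 'profile' %}">
  {% csrf_token %}
  <input name="email">
</form>
<form method="POST" action="/delete/">
  {# {% csrf_token %} #}
  <button>Delete</button>
</form>
<form action="/search/">
  <input name="q">
</form>
"""


def find_unprotected_forms(template_text):
    """Return (line_number, opening_tag) for each POST form lacking the tag."""
    # Blank out comments but keep newlines so reported line numbers stay accurate.
    text = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), template_text)
    findings = []
    for m in FORM_RE.finditer(text):
        attrs, body = m.group(1), m.group(2)
        found = METHOD_RE.search(attrs)
        method = found.group(1).lower() if found else "get"  # HTML default method
        if method == "post" and not TOKEN_RE.search(body):
            line = text.count("\n", 0, m.start()) + 1
            findings.append((line, text[m.start():m.start(2)]))
    return findings


if __name__ == "__main__":
    for line, tag in find_unprotected_forms(SAMPLE_TEMPLATE):
        print(f"line {line}: POST form without csrf_token: {tag}")
```

The scan is regex-based, so a form whose opening and closing tags live in different template files or includes has to be reviewed by hand.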
Commentary
Use it.