16👍
Try to set your CSRF trusted origins, allowed host and in the settings file like this
CSRF_TRUSTED_ORIGINS = [
'http://localhost:8000'
],
ALLOWED_HOSTS = [
'localhost',
],
CORS_ORIGIN_WHITELIST = [
'http://localhost:8000',
]
0👍
Adding more to what Jaime wrote, I have this:
python manage.py shell <<EOF
from django.conf import settings
from urllib.parse import urlparse
print([urlparse(origin).netloc.lstrip("*") for origin in settings.CSRF_TRUSTED_ORIGINS])
print({origin for origin in settings.CSRF_TRUSTED_ORIGINS if "*" not in origin})
EOF
Running the above will reveal what the set details for CSRF_TRUSTED_ORIGINS are.
I had a situation where I was correct but then, somewhere below the settings file, this same setting was referring to a localhost:7007, and it was already deployed.
The above helped me detect and fix it. And if your app is inside a docker container, start it as:
docker exec -i add-container-name-here python manage.py shell
and the other parts of it will remain the same as shown above.
- Determining Django Model Instance Types after a Query on a Base-class
- What became available_attrs on Django 3?
- Realtime server push with Socket IO (or Strophe.js), XMPP and Django
0👍
To all the people who are doing this locally, this might be because you are logged-in to the Django admin panel. Logging out fixed the error.
All the CSRF solution is the right way to do it. However, if you are building a local project, this solution may work.
This is because, Django expects a CSRF token when a user session exists and since Django uses cookie sessions by default, which are susceptible to cross site request forgery (CSRF). Of course when there is no user logged in there is no reason to use CSRF because there is no cookie to protect so the request will work without the token.
0👍
I was also getting the same issue while performing the API testing in postman and i resolved the this issues by clearing the cookies in postman tool
- Google Cloud Storage file stuck in time after multiple updates/deletions
- Django rest framework serializer is valid always false
- Pycharm error: Improperly configured
- Django : HTML form action directing to view (or url?) with 2 arguments
- Django Form Submit Button