Issue
I was logging into my django admin console easily a few minutes ago. I must have changed something somewhere that caused this error when logging in as superuser:
Forbidden (403) CSRF verification failed. Request aborted.
This error caught me off guard as I was logging in all night. Why would I suddenly need a csrf token for admin login? You would think the sign in form already has that. This is my admin.py:
```python
from django.contrib import admin
from accounts.models import Image, Category, UserProfile

class ImageAdmin(admin.ModelAdmin):
    # Columns shown in the admin change list for Image
    list_display = ["__unicode__", "title", "created"]

admin.site.register(Image, ImageAdmin)

class CategoryAdmin(admin.ModelAdmin):
    # Columns shown in the admin change list for Category
    list_display = ["category"]

admin.site.register(Category, CategoryAdmin)
admin.site.register(UserProfile)
```
Solution
Admin login normally does require a csrf token, but that's normally all taken care of for you.
- Check your browser's cookies to see if there is a csrf token present
- Try clearing cookies and refreshing
- If you are using Django 4.0, you may need to add this line to your `settings.py` file: `CSRF_TRUSTED_ORIGINS = ['https://*.mydomain.com','https://*.127.0.0.1']` (making the appropriate changes). In 4.0, they started checking the origin header unlike in previous versions. Thanks to this answer for suggesting this solution.
- Check to make sure you have `django.middleware.csrf.CsrfViewMiddleware` in your middleware
- Check that you're either on `https` or you have `CSRF_COOKIE_SECURE=False` (which is the default) in settings, otherwise your csrf cookie exists but won't be sent. Purge your cookies after changing `CSRF_COOKIE_SECURE`.
Answered By - ubadub
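
The checklist above can be turned into a small triage script. This is an added example, not code from the answer or from Django itself: it is a simplified model of the checks, and `diagnose`, `origin_trusted`, the finding labels and the sample request (an admin site behind a TLS-terminating proxy) are all hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"

def origin_trusted(origin, scheme, host, trusted):
    """Simplified model of the Origin-header check the answer describes for 4.0."""
    if origin == f"{scheme}://{host}" or origin in trusted:
        return True
    o = urlsplit(origin)
    for entry in trusted:
        t = urlsplit(entry)
        if t.scheme != o.scheme or not t.netloc.startswith("*."):
            continue
        suffix = t.netloc[1:]  # "*.mydomain.com" -> ".mydomain.com"
        if o.netloc.endswith(suffix) or o.netloc == suffix[1:]:
            return True
    return False

def diagnose(settings, request):
    """Return the checklist items that would explain a 403 for this request."""
    findings = []
    if CSRF_MW not in settings.get("MIDDLEWARE", []):
        findings.append("middleware-missing")
    if settings.get("CSRF_COOKIE_SECURE", False) and request["scheme"] != "https":
        findings.append("secure-cookie-over-http")  # cookie exists but is not sent
    elif "csrftoken" not in request.get("cookies", {}):
        findings.append("no-csrf-cookie")
    origin = request.get("origin")
    if origin and not origin_trusted(origin, request["scheme"], request["host"],
                                     settings.get("CSRF_TRUSTED_ORIGINS", [])):
        findings.append("origin-not-trusted")
    return findings

# Constructed sample: the browser talks https to a proxy, the app sees plain http.
SAMPLE_REQUEST = {
    "scheme": "http",
    "host": "admin.mydomain.com",
    "origin": "https://admin.mydomain.com",
    "cookies": {"csrftoken": "constructed-value"},
}
BEFORE = {"MIDDLEWARE": [CSRF_MW], "CSRF_COOKIE_SECURE": False}
AFTER = dict(BEFORE, CSRF_TRUSTED_ORIGINS=["https://*.mydomain.com"])

if __name__ == "__main__":
    print("before:", diagnose(BEFORE, SAMPLE_REQUEST))
    print("after: ", diagnose(AFTER, SAMPLE_REQUEST))
```
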