I was having a similar issue after setting up HTTPS with certbot.
After searching around, I found adding this to settings worked.

CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", "https://www.yourdomain.com"]

I'd be curious to hear from others, because I'm *not* an expert in how
to best set up Django for production.


On Fri, 17 Jun 2022 at 11:48, Mike Kilmer <[email protected]> wrote:

> Hi.
>
> I'm fairly new to Django. Here's what I need insight on:
>
> Local server, no issue.
>
> On production: CSRF 403 error on login.
>
>         There's a cookie loaded on the login page containing csrftoken:
> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>
>         (Local and Session storage are empty)
>
>         In the FORM element:
>
>         <input type="hidden" name="csrfmiddlewaretoken"
> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>
> Notice they don't match.
>
> I tried running ./migrate.py clearsessions.
>
> Once, yesterday, it seemed that the error did not occur in an Incognito
> Window, but today it persists even in an incognito window, as well as a
> different browser.
>
> One additional piece of information, I have allauth installed, but it
> doesn't seem to be correctly configured. Its login page is not loading.
>
> Additionally, the problem was there even when I removed allauth from Apps
> and Authentication Backends.
>
> Thanks much.
>
> –Mike
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/551AFE93-8B25-4CB9-8D3F-F1BF1EC4F585%40mzoo.org
> .
>
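
Added example (not part of the original thread, and not Django's own code): a simplified stand-alone model of the Origin-header check that CsrfViewMiddleware performs in Django 4.0 and later, showing why the CSRF_TRUSTED_ORIGINS setting in the reply can clear the 403. It assumes, which the thread does not state, that TLS ends at a reverse proxy so Django sees the request as plain HTTP; the function names and the sample request are constructed.

```python
from urllib.parse import urlsplit


def is_same_domain(host, pattern):
    # A leading dot in the pattern matches the bare domain and any subdomain.
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_verified(origin, host, is_secure, trusted_origins):
    """Model of the Origin check; True means the POST passes this step."""
    # 1. Origin equals scheme://host as Django itself sees the request.
    if origin == f"{'https' if is_secure else 'http'}://{host}":
        return True
    # 2. Exact match against trusted entries that carry no wildcard.
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries ("https://*.example.com"), matched per scheme.
    try:
        parsed = urlsplit(origin)
    except ValueError:
        return False
    for entry in trusted_origins:
        if "*" in entry:
            t = urlsplit(entry)
            if t.scheme == parsed.scheme and is_same_domain(
                parsed.netloc, t.netloc.lstrip("*")
            ):
                return True
    return False


def entries_missing_scheme(trusted_origins):
    # Django 4.0+ refuses to start if an entry lacks "http://" or "https://".
    return [o for o in trusted_origins if "://" not in o]


def demo():
    # Constructed request: the browser is on HTTPS, so it sends this Origin.
    origin, host = "https://yourdomain.com", "yourdomain.com"
    trusted = ["https://yourdomain.com", "https://www.yourdomain.com"]
    return {
        "direct_tls": origin_verified(origin, host, True, []),
        "proxied_no_setting": origin_verified(origin, host, False, []),
        "proxied_with_setting": origin_verified(origin, host, False, trusted),
    }


if __name__ == "__main__":
    print(demo())
```

Under the same assumption, Django's SECURE_PROXY_SSL_HEADER setting is the other way to make the first comparison match, by letting Django treat the proxied request as HTTPS.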
