That sounds hopeful. Where do you put that config? Settings.py? On Friday, June 17, 2022 at 12:25:29 PM UTC-5 vicker...@gmail.com wrote:
> I was having a similar issue after setting up https with certbot. After > searching around, I found adding this to settings worked. > > CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com";, > "https://www.yourdomain.com";] > > I'd be curious to hear from others, because I'm *not *an expert in how to > best set up django for production. > > > On Fri, 17 Jun 2022 at 11:48, Mike Kilmer <mi...@mzoo.org> wrote: > >> Hi. >> >> I'm fairly new to Django. Here's what I need insight on: >> >> Local server, no issue. >> >> On production: CSRF 403 error on login. >> >> There's a cookie loaded on the login page containing csrftoken: >> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW >> >> (Local and Session storage are empty) >> >> In the FORM element: >> >> <input type="hidden" name="csrfmiddlewaretoken" >> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR"> >> >> Notice they don't match. >> >> I tried running ./migrate.py clearsessions. >> >> Once, yesterday, it seemed that the error did not occur in an Incognito >> Window, but today it persists even in an incognito window, as well as a >> different browser. >> >> One additional piece of information, I have allauth installed, but it >> doesn't seem to be correctly configured. It's login page is not loading. >> >> Additionally, the problem was there even when I removed allauth from Apps >> and Authentication Backends. >> >> Thanks much. >> >> –Mike >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/551AFE93-8B25-4CB9-8D3F-F1BF1EC4F585%40mzoo.org >> . >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d592ab6f-68ee-483e-9ae6-6f4074cdbcefn%40googlegroups.com.
