That sounds hopeful. Where do you put that config? Settings.py? On Friday, June 17, 2022 at 12:25:29 PM UTC-5 [email protected] wrote:
> I was having a similar issue after setting up https with certbot. After > searching around, I found adding this to settings worked. > > CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com";, > "https://www.yourdomain.com";] > > I'd be curious to hear from others, because I'm *not *an expert in how to > best set up django for production. > > > On Fri, 17 Jun 2022 at 11:48, Mike Kilmer <[email protected]> wrote: > >> Hi. >> >> I'm fairly new to Django. Here's what I need insight on: >> >> Local server, no issue. >> >> On production: CSRF 403 error on login. >> >> There's a cookie loaded on the login page containing csrftoken: >> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW >> >> (Local and Session storage are empty) >> >> In the FORM element: >> >> <input type="hidden" name="csrfmiddlewaretoken" >> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR"> >> >> Notice they don't match. >> >> I tried running ./migrate.py clearsessions. >> >> Once, yesterday, it seemed that the error did not occur in an Incognito >> Window, but today it persists even in an incognito window, as well as a >> different browser. >> >> One additional piece of information, I have allauth installed, but it >> doesn't seem to be correctly configured. It's login page is not loading. >> >> Additionally, the problem was there even when I removed allauth from Apps >> and Authentication Backends. >> >> Thanks much. >> >> –Mike >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/551AFE93-8B25-4CB9-8D3F-F1BF1EC4F585%40mzoo.org >> . >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d592ab6f-68ee-483e-9ae6-6f4074cdbcefn%40googlegroups.com.
