Re: CSRF issue in default login

2022-06-17 Thread Mike Kilmer
If you're interested in some piecemeal work, I could use some help. mike at 
mzoo.org.

On Friday, June 17, 2022 at 3:10:16 PM UTC-5 181...@northsouth.edu wrote:

> I have basic to intermediate knowledge of Django, but don't find any 
> entry-level job to master my Django knowledge in my country. Can anyone 
> suggest where I can get some project or industry-level job in Django, 
> please? I badly need that.
>
> On Friday, June 17, 2022 at 11:29:04 PM UTC+6 Mike Kilmer wrote:
>
>> That sounds hopeful. Where do you put that config? Settings.py?
>>
>> On Friday, June 17, 2022 at 12:25:29 PM UTC-5 vicker...@gmail.com wrote:
>>
>>> I was having a similar issue after setting up https with certbot. After 
>>> searching around, I found adding this to settings worked.
>>>
>>> CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", 
>>> "https://www.yourdomain.com"]
>>>
>>> I'd be curious to hear from others, because I'm *not* an expert in how to 
>>> best set up django for production.
>>>
>>>
>>> On Fri, 17 Jun 2022 at 11:48, Mike Kilmer  wrote:
>>>
>>>> Hi.
>>>>
>>>> I'm fairly new to Django. Here's what I need insight on:
>>>>
>>>> Local server, no issue.
>>>>
>>>> On production: CSRF 403 error on login.
>>>>
>>>> There's a cookie loaded on the login page containing csrftoken: 
>>>> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>>>>
>>>> (Local and Session storage are empty)
>>>>
>>>> In the FORM element:
>>>>
>>>> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>>>>
>>>> Notice they don't match.
>>>>
>>>> I tried running ./migrate.py clearsessions.
>>>>
>>>> Once, yesterday, it seemed that the error did not occur in an Incognito 
>>>> Window, but today it persists even in an incognito window, as well as a 
>>>> different browser.
>>>>
>>>> One additional piece of information, I have allauth installed, but it 
>>>> doesn't seem to be correctly configured. Its login page is not loading. 
>>>>
>>>> Additionally, the problem was there even when I removed allauth from 
>>>> Apps and Authentication Backends.
>>>>
>>>> Thanks much.
>>>>
>>>> –Mike
>>>>
>>>> -- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "Django users" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to django-users...@googlegroups.com.
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/d/msgid/django-users/551AFE93-8B25-4CB9-8D3F-F1BF1EC4F585%40mzoo.org
>>>> .
>>>>
>>>



Re: CSRF issue in default login

2022-06-17 Thread Abul Kashim 1811949642
I have basic to intermediate knowledge of Django, but don't find any 
entry-level job to master my Django knowledge in my country. Can anyone 
suggest where I can get some project or industry-level job in Django, 
please? I badly need that.

On Friday, June 17, 2022 at 11:29:04 PM UTC+6 Mike Kilmer wrote:

> That sounds hopeful. Where do you put that config? Settings.py?
>
> On Friday, June 17, 2022 at 12:25:29 PM UTC-5 vicker...@gmail.com wrote:
>
>> I was having a similar issue after setting up https with certbot. After 
>> searching around, I found adding this to settings worked.
>>
>> CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", 
>> "https://www.yourdomain.com"]
>>
>> I'd be curious to hear from others, because I'm *not* an expert in how to 
>> best set up django for production.
>>
>>
>> On Fri, 17 Jun 2022 at 11:48, Mike Kilmer  wrote:
>>
>>> Hi.
>>>
>>> I'm fairly new to Django. Here's what I need insight on:
>>>
>>> Local server, no issue.
>>>
>>> On production: CSRF 403 error on login.
>>>
>>> There's a cookie loaded on the login page containing csrftoken: 
>>> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>>>
>>> (Local and Session storage are empty)
>>>
>>> In the FORM element:
>>>
>>> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>>>
>>> Notice they don't match.
>>>
>>> I tried running ./migrate.py clearsessions.
>>>
>>> Once, yesterday, it seemed that the error did not occur in an Incognito 
>>> Window, but today it persists even in an incognito window, as well as a 
>>> different browser.
>>>
>>> One additional piece of information, I have allauth installed, but it 
>>> doesn't seem to be correctly configured. Its login page is not loading. 
>>>
>>> Additionally, the problem was there even when I removed allauth from 
>>> Apps and Authentication Backends.
>>>
>>> Thanks much.
>>>
>>> –Mike
>>>
>>



Re: CSRF issue in default login

2022-06-17 Thread Mike Kilmer
That sounds hopeful. Where do you put that config? Settings.py?

On Friday, June 17, 2022 at 12:25:29 PM UTC-5 vicker...@gmail.com wrote:

> I was having a similar issue after setting up https with certbot. After 
> searching around, I found adding this to settings worked.
>
> CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", 
> "https://www.yourdomain.com"]
>
> I'd be curious to hear from others, because I'm *not* an expert in how to 
> best set up django for production.
>
>
> On Fri, 17 Jun 2022 at 11:48, Mike Kilmer  wrote:
>
>> Hi.
>>
>> I'm fairly new to Django. Here's what I need insight on:
>>
>> Local server, no issue.
>>
>> On production: CSRF 403 error on login.
>>
>> There's a cookie loaded on the login page containing csrftoken: 
>> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>>
>> (Local and Session storage are empty)
>>
>> In the FORM element:
>>
>> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>>
>> Notice they don't match.
>>
>> I tried running ./migrate.py clearsessions.
>>
>> Once, yesterday, it seemed that the error did not occur in an Incognito 
>> Window, but today it persists even in an incognito window, as well as a 
>> different browser.
>>
>> One additional piece of information, I have allauth installed, but it 
>> doesn't seem to be correctly configured. Its login page is not loading. 
>>
>> Additionally, the problem was there even when I removed allauth from Apps 
>> and Authentication Backends.
>>
>> Thanks much.
>>
>> –Mike
>>
>



Re: CSRF issue in default login

2022-06-17 Thread mike vickers
I was having a similar issue after setting up https with certbot.
After searching around, I found adding this to settings worked.

CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", "https://www.yourdomain.com"]

I'd be curious to hear from others, because I'm *not* an expert in how
to best set up django for production.


On Fri, 17 Jun 2022 at 11:48, Mike Kilmer  wrote:

> Hi.
>
> I'm fairly new to Django. Here's what I need insight on:
>
> Local server, no issue.
>
> On production: CSRF 403 error on login.
>
> There's a cookie loaded on the login page containing csrftoken:
> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>
> (Local and Session storage are empty)
>
> In the FORM element:
>
>  value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>
> Notice they don't match.
>
> I tried running ./migrate.py clearsessions.
>
> Once, yesterday, it seemed that the error did not occur in an Incognito
> Window, but today it persists even in an incognito window, as well as a
> different browser.
>
> One additional piece of information, I have allauth installed, but it
> doesn't seem to be correctly configured. Its login page is not loading.
>
> Additionally, the problem was there even when I removed allauth from Apps
> and Authentication Backends.
>
> Thanks much.
>
> –Mike
>
>



Re: CSRF issue in default login

2022-06-17 Thread rahul sharma
Html form like action form use

On Fri, Jun 17, 2022, 21:23 Mike Kilmer  wrote:

> By the way, using Django 4.0.
>
> Thanks, Rahul.
>
> I believe this is a default Django template, and wouldn't the fact that the
> page/form creates a cookie be a sign that that action triggered by `{%
> csrf_token %}` has taken place?
>
> On Friday, June 17, 2022 at 10:51:24 AM UTC-5 rahul@gmail.com wrote:
>
>>  {% csrf_token %} use this action form down
>>
>>
>> On Fri, Jun 17, 2022, 20:47 Mike Kilmer  wrote:
>>
>>> Hi.
>>>
>>> I'm fairly new to Django. Here's what I need insight on:
>>>
>>> Local server, no issue.
>>>
>>> On production: CSRF 403 error on login.
>>>
>>> There's a cookie loaded on the login page containing csrftoken:
>>> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>>>
>>> (Local and Session storage are empty)
>>>
>>> In the FORM element:
>>>
>>> value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>>>
>>> Notice they don't match.
>>>
>>> I tried running ./migrate.py clearsessions.
>>>
>>> Once, yesterday, it seemed that the error did not occur in an Incognito
>>> Window, but today it persists even in an incognito window, as well as a
>>> different browser.
>>>
>>> One additional piece of information, I have allauth installed, but it
>>> doesn't seem to be correctly configured. Its login page is not loading.
>>>
>>> Additionally, the problem was there even when I removed allauth from
>>> Apps and Authentication Backends.
>>>
>>> Thanks much.
>>>
>>> –Mike
>>>
>



Re: CSRF issue in default login

2022-06-17 Thread rahul sharma
 {% csrf_token %} use this action form down


On Fri, Jun 17, 2022, 20:47 Mike Kilmer  wrote:

> Hi.
>
> I'm fairly new to Django. Here's what I need insight on:
>
> Local server, no issue.
>
> On production: CSRF 403 error on login.
>
> There's a cookie loaded on the login page containing csrftoken:
> pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW
>
> (Local and Session storage are empty)
>
> In the FORM element:
>
>  value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">
>
> Notice they don't match.
>
> I tried running ./migrate.py clearsessions.
>
> Once, yesterday, it seemed that the error did not occur in an Incognito
> Window, but today it persists even in an incognito window, as well as a
> different browser.
>
> One additional piece of information, I have allauth installed, but it
> doesn't seem to be correctly configured. Its login page is not loading.
>
> Additionally, the problem was there even when I removed allauth from Apps
> and Authentication Backends.
>
> Thanks much.
>
> –Mike
>
>



CSRF issue in default login

2022-06-17 Thread Mike Kilmer
Hi.

I'm fairly new to Django. Here's what I need insight on:

Local server, no issue.

On production: CSRF 403 error on login.

There's a cookie loaded on the login page containing csrftoken: 
pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW

(Local and Session storage are empty)

In the FORM element:

value="Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR">

Notice they don't match.

I tried running ./migrate.py clearsessions.

Once, yesterday, it seemed that the error did not occur in an Incognito Window, 
but today it persists even in an incognito window, as well as a different 
browser.

One additional piece of information, I have allauth installed, but it doesn't 
seem to be correctly configured. Its login page is not loading. 

Additionally, the problem was there even when I removed allauth from Apps and 
Authentication Backends.

Thanks much.

–Mike
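
On the cookie and form values differing: in Django 4.0 each rendered token is the same secret masked with a fresh random salt, so the strings are expected to differ. The added example below (not from the thread; a re-implementation of the masking scheme in `django.middleware.csrf`, with function names chosen here) unmasks the two values quoted above and shows they carry the same secret.

```python
import secrets
import string

# Constants as used by Django's CSRF middleware (django.middleware.csrf).
CSRF_SECRET_LENGTH = 32
CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits


def mask_secret(secret, salt=None):
    """Return salt + (secret shifted by salt): a 64-character token."""
    chars = CSRF_ALLOWED_CHARS
    if salt is None:
        salt = "".join(secrets.choice(chars) for _ in range(CSRF_SECRET_LENGTH))
    cipher = "".join(
        chars[(chars.index(s) + chars.index(m)) % len(chars)]
        for s, m in zip(secret, salt)
    )
    return salt + cipher


def unmask_token(token):
    """Recover the 32-character secret from a 64-character masked token."""
    chars = CSRF_ALLOWED_CHARS
    if len(token) != 2 * CSRF_SECRET_LENGTH or set(token) - set(chars):
        raise ValueError("not a masked CSRF token")
    salt, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    return "".join(
        chars[(chars.index(c) - chars.index(m)) % len(chars)]
        for c, m in zip(cipher, salt)
    )


def same_secret(token_a, token_b):
    """Compare the underlying secrets in constant time."""
    return secrets.compare_digest(unmask_token(token_a), unmask_token(token_b))


# The two values quoted in the post above.
COOKIE_TOKEN = "pAFeeUI8YFXZ2PKRYxOTX1qz4Xgto42WVNi7FFvBlZDqcFLwQ2rdQvVeZBHFSpLW"
FORM_TOKEN = "Vz4FiujD4qkLpxCwWNJU0HCWs4u0Qf4RrMHyJf66rK0cznDbOimeTb7BnIVckANR"

if __name__ == "__main__":
    print("strings equal:", COOKIE_TOKEN == FORM_TOKEN)
    print("secrets equal:", same_secret(COOKIE_TOKEN, FORM_TOKEN))
```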
