3

Cloud9's Django out of the box gives a CSRF error when I attempt to log in to the admin page. Reason given is:

- Forbidden (403)
- CSRF verification failed. Request aborted.
- Referer checking failed - https://mysite.c9.io/admin/login/?next=/admin/ does not match https://mysite.c9.io:443/

No changes were made to the instance, other than creating a superuser.

Commenting out 'django.middleware.csrf.CsrfViewMiddleware' in settings.py MIDDLEWARE_CLASSES did not fix the issue.

Current workaround is through setattr(request, '_dont_enforce_csrf_checks', True), found here: "Django CSRF framework cannot be disabled and is breaking my site"

The problem seems to be the way Cloud9 treats HTTPS on port 443. Is there a way to fix this without disabling CSRF for the whole site? I also seem to be sandboxed out of django-admin.py, so I can't limit the hack to just the admin page.

eff M
  • I have the same problem... I am glad that you raised the issue @eff M, and I guess it is an issue related to Django 1.7, since all is working correctly with other workspaces using Django < 1.7 – toufikovich Nov 24 '14 at 15:03

1 Answer

2

I have opened a ticket for this issue with Cloud9 support, @eff M. They are great guys out there, and it is a great IDE as well, with great support.

Meanwhile try this workaround for the time being:

Access your admin page with http://mysite.c9.io/admin/login/?next=/admin/ and not with https://mysite.c9.io/admin/login/?next=/admin/ and see if you can log in. It worked well on my side.

toufikovich
  • Logging in with HTTP allows easy interception of your credentials. Don't use this in large-scale productions! – ki9 May 14 '16 at 23:15
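Added example, not part of the question or answer above and not Django's own code: a simplified, stdlib-only model of the strict Referer comparison implied by the error message, showing why a Host value carrying an explicit `:443` fails against a Referer with no port, and how treating the scheme's default port as equal accepts it while still rejecting other origins. The function names and the `normalize_default_port` switch are hypothetical.

```python
from urllib.parse import urlsplit

# Default ports per scheme, used only when normalization is enabled.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url, normalize_default_port):
    """Return (scheme, hostname, port) for url, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if not parts.scheme or not parts.hostname:
        return None
    if normalize_default_port and port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme, parts.hostname, port)


def referer_ok(referer, host_seen_by_app, normalize_default_port=False):
    """Model of the HTTPS Referer check: compare the Referer's origin with an
    origin rebuilt from the Host value the application receives."""
    expected = "https://%s/" % host_seen_by_app
    got = origin(referer, normalize_default_port)
    want = origin(expected, normalize_default_port)
    return got is not None and got == want


# Values taken from the error message in the question.
REFERER = "https://mysite.c9.io/admin/login/?next=/admin/"
HOST_SEEN_BY_APP = "mysite.c9.io:443"  # the proxy forwards the port explicitly

if __name__ == "__main__":
    # Port-sensitive comparison: None != 443, so the login POST is rejected.
    print("strict:    ", referer_ok(REFERER, HOST_SEEN_BY_APP))
    # Default-port normalization: both sides become 443 and match.
    print("normalized:", referer_ok(REFERER, HOST_SEEN_BY_APP, True))
    # Constructed counter-examples: normalization does not weaken the check.
    print("other host:", referer_ok("https://other.example/admin/", HOST_SEEN_BY_APP, True))
    print("http page: ", referer_ok("http://mysite.c9.io/admin/", HOST_SEEN_BY_APP, True))
```

The mismatch is purely a port-representation difference between the browser's Referer and the forwarded Host, so it can be resolved at the comparison or at the proxy without switching CSRF protection off.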