2

I am troubleshooting a Django app.

Recently the app seems to randomly generate CSRF verification errors:

CSRF verification failed. Request aborted. (Resulting in a 403)

Where can I find detailed information on the cause of the verification failure?

Dan O'Boyle
  • 3
    Not sure what you're expecting the log to show. It will only know that the CSRF token was not present in the POST. – Daniel Roseman Jul 13 '16 at 17:06
  • 1
    That error presents even when a token is present, but not the expected / valid token. Information about the cause of failure would be useful (if it exists). – Dan O'Boyle Jul 13 '16 at 17:09
  • Please try https://stackoverflow.com/questions/26925244/django-how-to-override-the-csrf-failure-template . It helped me out. – Jesuisme Mar 07 '19 at 18:50
  • Hello Dan, did you find any good solution to debug CSRF errors? I'm having sporadic CSRF problems with AJAX and I don't know how to debug them because I can't reproduce them. – Martin Massera Aug 14 '19 at 12:34

1 Answer

3

The error you're seeing is on the client side - which won't by default know what's going wrong on your server unless you have set DEBUG = True (which you don't want to do in production).

If it was replicable on your staging server it would be easy to fix, since you could replicate the error with DEBUG = True on staging and quickly see where the verification fails in Django's csrf.py.

What you're looking for is the output of which of these errors is occurring on your server.

If you implement logging in Django you'll be able to investigate and determine which of these errors was triggered on your production site. A service like Sentry makes this even simpler since it will send you the traceback anytime an error happens.

YPCrumble
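One way to implement the logging suggested in the answer above, as an added example that is not part of the original answer: Django's CSRF middleware reports each rejection, with its reason, to the `django.security.csrf` logger and attaches the request to the log record, so a filter can record the context needed to diagnose sporadic failures. The filter, handler and formatter names are hypothetical, and the cookie and header names assume the default `CSRF_COOKIE_NAME` and `CSRF_HEADER_NAME` settings.

```python
import logging
import logging.config


class CsrfContextFilter(logging.Filter):
    """Add request context to django.security.csrf records.

    Only presence flags are recorded for the CSRF cookie and header,
    never the token values themselves.
    """

    def filter(self, record):
        request = getattr(record, "request", None)  # set by Django via `extra`
        meta = getattr(request, "META", {})
        cookies = getattr(request, "COOKIES", {})
        record.csrf_ctx = (
            f"method={getattr(request, 'method', '-')} "
            f"https={meta.get('wsgi.url_scheme') == 'https'} "
            # repr() keeps client-controlled header values on one log line
            f"host={meta.get('HTTP_HOST', '-')!r} "
            f"origin={meta.get('HTTP_ORIGIN', '-')!r} "
            f"referer={meta.get('HTTP_REFERER', '-')!r} "
            f"cookie_present={'csrftoken' in cookies} "        # default cookie name
            f"header_present={'HTTP_X_CSRFTOKEN' in meta}"     # default header name
        )
        return True


# Goes in settings.py; safe to use with DEBUG = False.
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "filters": {"csrf_context": {"()": CsrfContextFilter}},
    "formatters": {
        "csrf": {"format": "%(asctime)s %(levelname)s %(message)s %(csrf_ctx)s"},
    },
    "handlers": {
        "csrf_console": {
            "class": "logging.StreamHandler",
            "filters": ["csrf_context"],
            "formatter": "csrf",
        },
    },
    "loggers": {
        "django.security.csrf": {"handlers": ["csrf_console"], "level": "WARNING"},
    },
}
```

Each rejected request then produces one line containing Django's own reason string (the `Forbidden (...)` message) followed by the context fields, which is usually enough to tell a missing cookie from a Referer or Origin mismatch.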