
I moved applications to the production server and I have a problem with CSRF: "Access denied (403) CSRF verification failed. The request was aborted."

I checked in my browser and I don't have a cookie named csrftoken.

Part of my settings.py looks like this:

    SECRET_KEY = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
    SESSION_COOKIE_SECURE = True
    SESSION_COOKIE_SAMESITE = None

    CSRF_COOKIE_SECURE = True
    CSRF_COOKIE_SAMESITE = 'Strict'

    #SECURE_HSTS_SECONDS = 31536000
    #SECURE_CONTENT_TYPE_NOSNIFF = True
    #CSRF_COOKIE_SECURE = True
    #SESSION_COOKIE_SECURE = True
    #SESSION_COOKIE_SAMESITE = None
    #SECURE_HSTS_PRELOAD = True

I haven't turned on HTTPS yet.

Everything worked fine on the development server. Where to find the cause and what to improve?

gaza

2 Answers

1

What solved it for me was to add the following to settings.py, replacing "<my_domain>" part of course.

    CSRF_TRUSTED_ORIGINS = ['https://<my_domain>.com']

This code above works like magic.

0

Problem solved. You just had to generate an SSL certificate and enable HTTPS.

This post showed me the solution: Django: Forbidden (CSRF cookie not set.)

gaza
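Both answers fix the same two conditions that the question's settings trip over: a cookie flagged Secure is never stored or sent by the browser over plain HTTP, so with CSRF_COOKIE_SECURE = True and no HTTPS the csrftoken cookie never comes back; and on Django 4.0+ the Origin header of a POST must match the scheme://host Django itself sees or an entry in CSRF_TRUSTED_ORIGINS (with its scheme), which is why that setting also helps when TLS is terminated in front of Django. The following is an added, simplified model of those two rules written for this page; it is not Django's middleware (it skips the Referer fallback, for example), and the hostnames and settings dicts are constructed placeholders.

```python
from urllib.parse import urlsplit

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def cookie_reaches_server(settings, request_scheme):
    """Browsers store and send a cookie carrying the Secure attribute only
    over HTTPS.  With CSRF_COOKIE_SECURE = True, a plain-HTTP deployment
    therefore never receives csrftoken back ("CSRF cookie not set")."""
    return not (settings.get("CSRF_COOKIE_SECURE", False) and request_scheme != "https")


def origin_allowed(settings, request_scheme, host, origin):
    """Django 4.0+ compares the Origin header of an unsafe request with the
    request's own scheme://host and with CSRF_TRUSTED_ORIGINS, whose entries
    must include the scheme and may use a leading '*.' subdomain wildcard."""
    if origin == f"{request_scheme}://{host}":
        return True
    o = urlsplit(origin)
    for entry in settings.get("CSRF_TRUSTED_ORIGINS", []):
        t = urlsplit(entry)
        if t.scheme != o.scheme:
            continue
        if t.netloc.startswith("*."):
            suffix = t.netloc[1:]  # '*.example.com' -> '.example.com'
            if o.netloc.endswith(suffix) or o.netloc == suffix[1:]:
                return True
        elif t.netloc == o.netloc:
            return True
    return False


def diagnose(settings, request_scheme, host, origin, method="POST"):
    """Return the reasons (empty list = passes) this simplified check rejects
    a request.  request_scheme is what Django sees: behind a TLS-terminating
    proxy without SECURE_PROXY_SSL_HEADER that is 'http' even though the
    browser sent an 'https://...' Origin.  Model only: real Django also
    falls back to a Referer check over HTTPS when Origin is absent."""
    reasons = []
    if not cookie_reaches_server(settings, request_scheme):
        reasons.append("CSRF cookie not set: CSRF_COOKIE_SECURE=True over plain HTTP")
    if method not in SAFE_METHODS and origin and not origin_allowed(settings, request_scheme, host, origin):
        reasons.append(f"Origin checking failed: {origin} does not match "
                       f"{request_scheme}://{host} or CSRF_TRUSTED_ORIGINS")
    return reasons


# Constructed settings mirroring the question; example.com is a placeholder.
QUESTION_SETTINGS = {"CSRF_COOKIE_SECURE": True, "CSRF_COOKIE_SAMESITE": "Strict"}
FIXED_SETTINGS = {**QUESTION_SETTINGS, "CSRF_TRUSTED_ORIGINS": ["https://example.com"]}

if __name__ == "__main__":
    print(diagnose(QUESTION_SETTINGS, "http", "example.com", "http://example.com"))
    print(diagnose(QUESTION_SETTINGS, "https", "example.com", "https://example.com"))
```

Running it shows the question's deployment rejected for the cookie reason alone, and the same settings passing once Django sees HTTPS.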