I just finished my first Django project and deployed it on Railway. It deployed successfully, but my contact form gives the csrf_token error in production but doesn't give an error on localhost. I have the csrf_token tag in my contact form in my HTML template.

    <form action="{% url 'contact' %}" method="post">
        {% csrf_token %}
        <div class="form-group">
            <input class="form-control" type="text" name="message-name" placeholder="Your Name" required>
        </div>
        <div class="form-group">
            <input class="form-control" type="email" name="message-email" placeholder="Your Email" required>
        </div>
        <div class="form-group">
            <textarea name="message" class="form-control" placeholder="Message *" rows="7" required></textarea>
        </div>
        <div class="form-group">
            <button type="submit" class="form-control btn btn-primary">Send Message</button>
        </div>
    </form>

What should I do about this?

1 Answer

I assume you are using Django 4.0 or above, where CSRF_TRUSTED_ORIGINS is required to be in the settings.py. You can specify this env variable as follows.

    CSRF_TRUSTED_ORIGINS = ['https://YourSite.com', 'http://YourSite.com']

You can refer here and here.

dark horse
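
Why the same form passes on localhost and fails after deployment, shown as an added example that is not part of the answer above and is not Django's source code: a simplified model of the Origin header check that Django 4.0+ applies to POST requests. The hostname is constructed, and the example assumes the hosting platform terminates TLS in front of the app, so Django sees the request as plain HTTP.

```python
from urllib.parse import urlsplit

# Constructed sample values (not from the question): the deployed hostname
# and the Origin header a browser sends when the form is submitted over HTTPS.
HOST = "contact-demo.example.com"
ORIGIN = "https://contact-demo.example.com"


def origin_allowed(origin, host, is_secure, trusted_origins):
    """Simplified model of Django 4.0+'s Origin header check (not Django's code)."""
    # 1. Same origin as Django sees it: request scheme + Host header.
    #    is_secure is False when a proxy terminated TLS and
    #    SECURE_PROXY_SSL_HEADER is not configured.
    if origin == f"{'https' if is_secure else 'http'}://{host}":
        return True
    # 2. Exact CSRF_TRUSTED_ORIGINS entries; the scheme is part of the match.
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries such as "https://*.example.com".
    got = urlsplit(origin)
    for entry in trusted_origins:
        if "*" not in entry:
            continue
        want = urlsplit(entry)
        pattern = want.netloc.lstrip("*").lower()  # ".example.com"
        if want.scheme == got.scheme and pattern.startswith(".") and (
            got.netloc.endswith(pattern) or got.netloc == pattern[1:]
        ):
            return True
    return False


def scenarios():
    return {
        "localhost over http": origin_allowed(
            "http://127.0.0.1:8000", "127.0.0.1:8000", False, []),
        "production, no setting": origin_allowed(ORIGIN, HOST, False, []),
        "production, https entry": origin_allowed(ORIGIN, HOST, False, [ORIGIN]),
        "production, entry without scheme": origin_allowed(ORIGIN, HOST, False, [HOST]),
        "production, wildcard entry": origin_allowed(
            ORIGIN, HOST, False, ["https://*.example.com"]),
        "production, http-only entry": origin_allowed(
            ORIGIN, HOST, False, ["http://" + HOST]),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:35} {'accepted' if ok else '403 CSRF'}")
```

Calling `origin_allowed(ORIGIN, HOST, True, [])` also returns True, which is the case where `SECURE_PROXY_SSL_HEADER` is set so that Django treats the proxied request as HTTPS.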