Django admin access error after deploying on railway

Question

I have deployed Django app on railway and I'm having issues accessing my admin panel. I have tried CSRF_TRUSTED_ORIGINS and also django-cors-headers but the issue is still persisting. I get this error CSRF verification failed. Request aborted. Origin checking failed - https://web-production-93c6.up.railway.app does not match any trusted origins. My settings.py down below;

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'joke.apps.JokeConfig',
    'crispy_forms',
    "crispy_bootstrap5",
    'django_celery_results',
    'django_celery_beat',
    "corsheaders",
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    "corsheaders.middleware.CorsMiddleware",
    'whitenoise.middleware.WhiteNoiseMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

CORS_ALLOWED_ORIGINS = [
    'https://web-production-93c6.up.railway.app/',
]

CSRF_TRUSTED_ORIGINS = [
    'https://web-production-93c6.up.railway.app/'
]

ROOT_URLCONF = 'sendjoke.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'sendjoke.wsgi.application'


# Database
# https://docs.djangoproject.com/en/4.0/ref/settings/#databases

# DATABASES = {
#     'default': {
#         'ENGINE': 'django.db.backends.sqlite3',
#         'NAME': BASE_DIR / 'db.sqlite3',
#     }
# }

DATABASES = {
    'default': {
        #'ENGINE': 'django.db.backends.sqlite3',
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': os.getenv("PGDATABASE"),
        'USER': os.getenv("PGUSER"),
        'PASSWORD': os.getenv("PGPASSWORD"),
        'HOST': os.getenv("PGHOST"),
        'PORT': os.getenv("PGPORT"),
    }
}


#DATABASE_URL = os.getenv("DATABASE_URL")
#db_from_env = dj_database_url.config(conn_max_age=600)
#DATABASES['default'] = dj_database_url.config(conn_max_age=1800)


# Password validation
# https://docs.djangoproject.com/en/4.0/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization
# https://docs.djangoproject.com/en/4.0/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/4.0/howto/static-files/

STATIC_URL = 'static/'
STATIC_ROOT = os.path.join(BASE_DIR, "static")

# Default primary key field type
# https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

CRISPY_ALLOWED_TEMPLATE_PACKS = "bootstrap5"

CRISPY_TEMPLATE_PACK = "bootstrap5"

#celery
CELERY_BROKER_URL = os.getenv("REDIS_URL")
CELERY_TIMEZONE = 'Africa/Nairobi'
CELERY_ACCEPT_CONTENT = ['application/json']
CELERY_RESULT_SERIALIZER = 'json'
CELERY_TASK_SERIALIZER = 'json'
CELERY_RESULT_BACKEND = 'django-db'


#celery beat
CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers:DatabaseScheduler'



#EMAIL

load_dotenv()
env_path = Path('.')/'.env'
load_dotenv(dotenv_path=env_path)

EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
EMAIL_USE_TLS = True
EMAIL_HOST = "smtp.gmail.com"
EMAIL_PORT = 587
EMAIL_HOST_USER = os.getenv("EMAIL_HOST_USER")
EMAIL_HOST_PASSWORD = os.getenv("EMAIL_HOST_PASSWORD")
DEFAULT_FROM_EMAIL = os.getenv("EMAIL_HOST_USER")

Edited my question to add the error I get – kabszac Mar 17 '23 at 09:54 — kabszac, Mar 17 '23 at 09:54
Did you add `{% csrf_token %}` in the template? – Sunderam Dubey Mar 17 '23 at 11:55 — Sunderam Dubey, Mar 17 '23 at 11:55

score 0 · Answer 1 · answered Mar 22 '23 at 14:02

Remove the trailing slashes. That was the issue

it should be like this:

CORS_ALLOWED_ORIGINS = [
    'https://web-production-93c6.up.railway.app',
]

CSRF_TRUSTED_ORIGINS = [
    'https://web-production-93c6.up.railway.app'
]

not like this:

CORS_ALLOWED_ORIGINS = [
    'https://web-production-93c6.up.railway.app/',
]

CSRF_TRUSTED_ORIGINS = [
    'https://web-production-93c6.up.railway.app/'
]

Django admin access error after deploying on railway

1 Answers1