All geek questions in one place

Different csrf token value in response header and browser cookies. Csrf error in django 1.9

Most SO responses ask you to clear cookies and confirm the middleware class. I have already tried this.

Python - 3.4
Django - 1.10
Using VirtualEnv.

I get an error Forbidden (403) CSRF verification failed. Request aborted.on the Django admin login screen. I hosted my site on pythonanywhere.com using django version 1.9 .

  • I deleted my browser cookies. All of them.
  • I reloaded the login screen. Get a request.
  • In the cookie browsers that were still empty, one value was set for my site, where csrf = XPp5hAhylAkt27U4SzGPNU7w8SFBJ3RP enter image description here
  • cookie cookie- = UT24544MghHLZi0IrGHQlCcpk1v0SbCy. . enter image description here
  • .
  • 403 CSRF. .
  • csrf.
  • cookie CSRF = XPp5hAhylAkt27U4SzGPNU7w8SFBJ3RP enter image description here

  • csrf values ​​= UT24544MghHLZi0IrGHQlCcpk1v0SbCy enter image description here

  • "django.middleware.csrf.CsrfViewMiddleware" . cookie. .

, .

csrf-token? ?

update 1: debug = False , . , .

update 2. , cookie csrftoken , , . cookie , , -.

update 3. , -. CSRF, , , cookie .

update 4: CSRF_COOKIE_NAME = "csrf_token" .

+4
1

CSRF , .

URL, , , , -, URL- . cookie CSRF, , , - CSRF .

: enter image description here

: enter image description here

, , .

, , - , (, ), , , 404.

+6

Source: https://habr.com/ru/post/1667467/

More articles:


All Articles