CSRF validation failed, but only with IE9

I installed CSRF as described in the Django docs (using Django 1.3). It works with FF and Safari, but in IE9 I get:

<div id="summary"> <h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p> </div> 

In the Ajax request's response headers I find:

 Set-Cookie csrftoken=8db3637951243ffb591e6b2d6998ed03; expires=Fri, 14-Sep-2012 08:01:52 GMT; Max-Age=31449600; Path=/ 

It works in IE9 when used in its usual form (i.e., Ajax is not used).

I am using Django for nginx / 1.1.2.

Any hints that I'm missing here?

+6
3 answers

If your form is inside an iframe, the likely reason is the default IE policy for blocking third-party cookies. You could

Django ticket #17157 suggests adding a note about this issue to the documentation.

+3

I had the same problem; the problem was that I did not specify the action attribute. IE apparently does not allow this.

+2

In Django ticket #17157 (thanks to @akaihola for the link), it is stated that the problem is that Internet Explorer blocks third-party cookies by default. Thus, you can enable third-party cookies for all sites or only for your site in your browser settings. Here's how to do it in IE 7 (from this link):

  • Click "Service"
  • Click "Internet Options"
  • Select the "Privacy" tab.

Option 1: enable third-party cookies for all sites

  • Click Advanced
  • Select "Override automatic cookie processing"
  • Select the "Accept" button in the "Third-party cookies" section and click "OK"

OR

Option 2: enable third-party cookies only for Feedjit.com

  • Click Sites
  • Add "your-domain.com" and click "Allow"
  • Click OK
  • Select the "Accept" button in the "Third-party cookies" section and click "OK"
+1
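
To tell the causes in these answers apart on the server side, check whether the browser returned the `csrftoken` cookie at all before looking at the token. The sketch below is an added example, not part of the original answers and not Django's own code; it models the cookie-versus-token comparison with plain dicts, and the function name, labels and sample requests are constructed for illustration.

```python
import hmac

# Names Django's CSRF middleware reads (the Ajax header is shown in WSGI form).
COOKIE_NAME = "csrftoken"
FORM_FIELD = "csrfmiddlewaretoken"
AJAX_HEADER = "HTTP_X_CSRFTOKEN"


def diagnose_csrf_failure(cookies, post, meta):
    """Classify why a POST would fail a cookie-vs-token CSRF check.

    cookies, post and meta are plain dicts standing in for request.COOKIES,
    request.POST and request.META (hypothetical helper, not a Django API).
    """
    cookie = cookies.get(COOKIE_NAME)
    if not cookie:
        # The server sent Set-Cookie but the browser did not send it back:
        # the situation the iframe / third-party cookie answers describe.
        return "cookie-not-returned"
    token = post.get(FORM_FIELD) or meta.get(AJAX_HEADER)
    if not token:
        # Cookie arrived, but neither the form body nor the Ajax header
        # carried the token.
        return "token-not-sent"
    # Constant-time comparison, so the check does not leak token bytes.
    if not hmac.compare_digest(cookie.encode(), token.encode()):
        return "token-mismatch"
    return "ok"


# Constructed sample requests; the token is the value shown in the question.
TOKEN = "8db3637951243ffb591e6b2d6998ed03"
SAMPLES = {
    "plain form post": ({COOKIE_NAME: TOKEN}, {FORM_FIELD: TOKEN}, {}),
    "ajax with header": ({COOKIE_NAME: TOKEN}, {}, {AJAX_HEADER: TOKEN}),
    "ajax without token": ({COOKIE_NAME: TOKEN}, {}, {}),
    "cookie blocked by browser": ({}, {FORM_FIELD: TOKEN}, {}),
    "stale token in page": ({COOKIE_NAME: TOKEN}, {FORM_FIELD: "0" * 32}, {}),
}

if __name__ == "__main__":
    for name, (cookies, post, meta) in SAMPLES.items():
        print(f"{name:28s} -> {diagnose_csrf_failure(cookies, post, meta)}")
```

Logging this label together with the User-Agent shows whether the failures seen only in IE9 are requests that arrive without the cookie or requests that arrive without the token.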

Source: https://habr.com/ru/post/897453/

