CSRF Token issues on my website

1

I just managed to get to the very last chapter of Django for beginners. On that last chapter the book talks about deploying the website using fly.io. I test my code locally using python manage.py runserver and it works fine there are no errors. When I deploy it to fly launch however it says CSRF verification failed. Request aborted when I deploy it on fly.io.

It says:
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function passes a request to the template’s render method.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
  • The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

Reason given for failure:

Origin checking failed - https://djangonews.fly.dev does not match any trusted origins.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function passes a request to the template’s render method.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
  • The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

Do I need to add a star or something?

my settings.py file that contains the CSRF_TRUSTED_ORIGINS

Its acting as if the website is not trusted. Is it a url thing where I need to ad the * or something?

2

I am getting a 400 Bad Request error now

https://forum.djangoproject.com/t/django-csrf-trustedI am now getting a bad request message 400. William says to input the hostname into CSRF_TRUSTED_ORIGINS and ALLOWED_HOSTS.

I am certain I have followed his instructions.

https://newsapp27.fly.dev/
ALLOWED_HOSTS = [
https://newsapp27.fly.dev/”,
“localhost”,
“127.0.0.1”,
]
CSRF_TRUSTED_ORIGINS = [“https://newsapp27.fly.dev/”, “https://*.fly.dev”]-and-allowed-hosts-issues/23842/4

3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.