7

The same code from the repo works fine out in the wild. But on my local environment, I'm getting CSRF errors on form submits.

Django 1.11.13, Python 2.7

It's very hard to debug, because there's not really any breakpoint. the error occurs way before the view.

The CSRF token is in the form {% csrf_token %}, the hidden field is there, the cookie is there.

I've tried creating a new virtual environment, wiping the database, different browsers. What else?

Rob L
  • 3,634
  • 2
  • 19
  • 38
  • {% csrf_token %} try this – Salman Zafar Aug 03 '18 at 21:09
  • That was a mistake.The tag is entered correctly. – Rob L Aug 04 '18 at 11:59
  • If you inspect the POST request via your browser's console, does it show it's sending the cookie too? – AKX Aug 04 '18 at 12:06
  • Django immediately redirects to a 403 page, it's difficult to read the POST. – Rob L Aug 04 '18 at 12:41
  • Put pdb trace in view function and inspect the console after form submit. – Raja Simon Aug 06 '18 at 13:23
  • @RajaSimon thanks, but that won't work, of course, since the error (and any csrf evaluation) is occurring in `django.middleware.csrf.CsrfViewMiddleware` and that is well before any view code is executed. I mentioned this fairly clearly in the question. – Rob L Aug 06 '18 at 13:32

1 Answers1

3

Well, I feel stupid. This must've occurred when we upgraded all our Django apps to v1.11 or v2.0. Somehow I got a SESSION_COOKIE_DOMAIN key in my local settings that reflected the domain of our staging environment. Live and learn.

Rob L
  • 3,634
  • 2
  • 19
  • 38