CSRF token issue when upgrading Django to version 4.*

Question

I was using the Django version 3, but then upgraded it to Django version 4(django==4.0.6).

After logging to admin panel of Django project, it said that CSRF token is invalid. I found this link in Django documentation and tried to put such variable in settings.py:

ALLOWED_ORIGINS = ['https://*', 'http://*']

But it didn't help. What am I doing wrong?

ALLOWED_ORIGINS has nothing to do with CSRF Token. Try to migrate again if data isn't important. — Hemal Patel, Aug 12 '22 at 18:18

score 3 · Accepted Answer · answered Aug 12 '22 at 18:42

ALLOWED_ORIGINS is not related to CSRF token. To fix problems related to your issue, you must specify the following setting for the project in production mode to settings.py module:

CSRF_TRUSTED_ORIGINS = [
        'https://subdomain.example.com',
        'https://*.blob.com',
        ...
    ]

For reading more information related to this topic you can read CSRF_TRUSTED_ORIGINS in django documentation.

CSRF token issue when upgrading Django to version 4.*

1 Answers1