2

Been working on my live server all day and just got it working. Admin was working fine; I cleared cookies and suddenly I got the following error, and no fixes seem to be helping me. My website doesn't have SSL yet, so it's still http (don't know if this has anything to do with it?).

```python
DEBUG = False

CSRF_TRUSTED_ORIGINS = ['http://.*', 'http://example.com', 'http://www.example.com']

# HTTPS Settings
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = False
SECURE_SSL_REDIRECT = False

# HSTS Settings
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_PRELOAD = True
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
```

This is the only form on my website that requires csrf_token and as you can see it already has it.

David Henson

2 Answers

3

SOLVED

By adding the IP from my domain to the allowed hosts and trusted origins.

David Henson
0

Do you have CsrfViewMiddleware in your MIDDLEWARE_CLASSES setting? If you are accessing the site non-securely (seems so), then it could not work. Try disabling CSRF_COOKIE_SECURE, CSRF_COOKIE_HTTPONLY and SESSION_COOKIE_SECURE and you will see it will work.

  • Yes, I am accessing via http at the moment as I haven't set up SSL yet, but the weird thing is that it was all working during the day and this happened all of a sudden. I'll check the settings above. EDIT: Same error with the above settings set to false – David Henson Dec 16 '22 at 07:37
  • Is DEBUG=True? Can you please check if the cookie was created in the session? You can see it in the Chrome developer tools (Application => Cookies). Are you using "localhost" to access your site? Then you need to put it also in `CSRF_TRUSTED_ORIGINS`, e.g. `CSRF_TRUSTED_ORIGINS=['http://localhost', 'http://127.0.0.1']`. Using `http://.*` will not work. – Leonardo Di Lella Dec 16 '22 at 12:37
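
Why the accepted fix and the last comment agree, as an added example that is not part of the original thread or Django's own code: a simplified standard-library model of how a request's `Origin` header is compared with `CSRF_TRUSTED_ORIGINS` (exact string match, or a leading `*.` subdomain wildcard, never a regex). The names `origin_trusted`, `audit`, `QUESTION` and `FIXED` are hypothetical, and `203.0.113.10` is a constructed documentation-range address standing in for the server's IP.

```python
from urllib.parse import urlsplit

def is_same_domain(host, pattern):
    # A pattern with a leading dot matches that domain and any subdomain of it.
    pattern = pattern.lower()
    return bool(pattern) and (
        (pattern[0] == "." and (host.endswith(pattern) or host == pattern[1:]))
        or pattern == host
    )

def origin_trusted(origin, trusted_origins):
    """Model of comparing an Origin header value with CSRF_TRUSTED_ORIGINS.

    Only the trusted-origins comparison is modelled; an Origin equal to the
    request's own scheme and host is accepted before this list is consulted.
    """
    # Entries without '*' are compared as exact strings, scheme included.
    if origin in (e for e in trusted_origins if "*" not in e):
        return True
    req = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            ent = urlsplit(entry)
            # '*.example.com' becomes '.example.com'; '.*' stays '.*'.
            if ent.scheme == req.scheme and is_same_domain(
                req.netloc, ent.netloc.lstrip("*")
            ):
                return True
    return False

def audit(trusted_origins):
    """Return (entry, problem) pairs for entries that cannot match as intended."""
    findings = []
    for entry in trusted_origins:
        parts = urlsplit(entry)
        if not parts.scheme or not parts.netloc:
            findings.append((entry, "missing scheme or host"))
        elif "*" in entry and not parts.netloc.startswith("*."):
            findings.append((entry, "wildcard must be a leading '*.' label, not a regex"))
    return findings

# Constructed values: the list from the question, then the same list with the
# regex-style entry replaced by the exact origin the site is reached on.
QUESTION = ["http://.*", "http://example.com", "http://www.example.com"]
FIXED = QUESTION[1:] + ["http://203.0.113.10"]
```

Running `audit` over a settings list before deployment flags the `http://.*` entry, which looks permissive but matches no real host.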