I have a Django app that I created for SFMC, hosted on Heroku. I get a "Forbidden (csrf cookie not set.)" error when I use it in SFMC, but it is OK when I use it standalone.

Here is my settings.py:

```python
X_FRAME_OPTIONS = 'ALLOW-FROM .exacttarget.com'
CSRF_TRUSTED_ORIGINS = [
    'https://*.exacttarget.com',
    'https://*.herokuapp.com'
]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_DOMAIN = '.herokuapp.com'
CSRF_COOKIE_SAMESITE = 'None'
SECURE_SSL_REDIRECT = True
CORS_ORIGIN_ALLOW_ALL = True
```

I use {%csrf_token%} in the form correctly and it has the value.

Can you help me?

I have tried the methods [here](https://stackoverflow.com/questions/53076379/crsf-cookie-not-set-in-iframed-django-view-within-another-site), but they did not work.

I have tried many different settings variations but none of them worked.
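
An added example, not part of the original post: a static check of the settings posted above for conditions that stop a browser from storing or sending the CSRF cookie in a cross-site iframe, or that widen trust more than intended. The function name, finding codes and `PUBLIC_SUFFIXES` (a small constructed subset of the Public Suffix List, on which `herokuapp.com` appears) are assumptions made for this illustration.

```python
# Constructed subset of the Public Suffix List, enough for this demo.
PUBLIC_SUFFIXES = {"herokuapp.com", "github.io", "appspot.com"}


def audit_iframe_csrf(settings: dict) -> list[str]:
    """Return finding codes for settings that break or weaken CSRF in a cross-site iframe."""
    findings = []

    # Browsers reject a cookie whose Domain attribute is a public suffix,
    # so the csrftoken cookie is never stored.
    domain = (settings.get("CSRF_COOKIE_DOMAIN") or "").lstrip(".").lower()
    if domain in PUBLIC_SUFFIXES:
        findings.append("cookie-domain-is-public-suffix")

    # Only SameSite=None cookies are sent from inside a cross-site iframe,
    # and browsers require the Secure flag alongside SameSite=None.
    if settings.get("CSRF_COOKIE_SAMESITE", "Lax") != "None":
        findings.append("samesite-blocks-cross-site-cookie")
    elif not settings.get("CSRF_COOKIE_SECURE", False):
        findings.append("samesite-none-without-secure")

    # ALLOW-FROM is obsolete and ignored by current browsers; the
    # Content-Security-Policy frame-ancestors directive replaces it.
    if str(settings.get("X_FRAME_OPTIONS", "DENY")).upper().startswith("ALLOW-FROM"):
        findings.append("x-frame-options-allow-from-obsolete")

    # A wildcard over a shared hosting suffix trusts every tenant of that host.
    for origin in settings.get("CSRF_TRUSTED_ORIGINS", []):
        host = origin.split("://", 1)[-1].lower()
        if host.startswith("*.") and host[2:] in PUBLIC_SUFFIXES:
            findings.append(f"trusted-origin-covers-shared-suffix:{origin}")

    if settings.get("CORS_ORIGIN_ALLOW_ALL"):
        findings.append("cors-allows-all-origins")
    return findings


# The values from the settings.py in the question.
QUESTION_SETTINGS = {
    "X_FRAME_OPTIONS": "ALLOW-FROM .exacttarget.com",
    "CSRF_TRUSTED_ORIGINS": ["https://*.exacttarget.com", "https://*.herokuapp.com"],
    "CSRF_COOKIE_SECURE": True,
    "CSRF_COOKIE_DOMAIN": ".herokuapp.com",
    "CSRF_COOKIE_SAMESITE": "None",
    "CORS_ORIGIN_ALLOW_ALL": True,
}

if __name__ == "__main__":
    print("\n".join(audit_iframe_csrf(QUESTION_SETTINGS)))
```

Browser-side third-party cookie blocking is outside what a settings check can see and has to be tested in the embedding browser itself.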