[Django] #34498: error 403 in login in django

17 views
Skip to first unread message

Django

unread,
Apr 15, 2023, 11:56:34 AM4/15/23
to django-...@googlegroups.com
#34498: error 403 in login in django
-----------------------------------------+------------------------
Reporter: vahidzare63 | Owner: nobody
Type: Uncategorized | Status: new
Component: CSRF | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
hi
my website error 403 in login

Help
Reason given for failure:

CSRF token from POST incorrect.

In general, this can occur when there is a genuine Cross Site Request
Forgery, or when Django’s CSRF mechanism has not been used correctly. For
POST forms, you need to ensure:

Your browser is accepting cookies.
The view function passes a request to the template’s render method.
In the template, there is a {% csrf_token %} template tag inside each POST
form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on
any views that use the csrf_token template tag, as well as those that
accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab
or hitting the back button after a login, you may need to reload the page
with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False, and only the initial
error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

my setting is

ALLOWED_HOSTS = ['ov.example.ir' , 'www.ov.example.ir' ,
'http://ov.example.ir' , 'https://ov.example.ir/' ]

CSRF_TRUSTED_ORIGINS = [ 'https://ov.example.ir/' ,
'http://ov.example.ir/']

tnx

--
Ticket URL: <https://code.djangoproject.com/ticket/34498>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Apr 15, 2023, 1:14:41 PM4/15/23
to django-...@googlegroups.com
#34498: error 403 in login in django
-------------------------------+--------------------------------------
Reporter: vahidzare63 | Owner: nobody
Type: Uncategorized | Status: closed
Component: CSRF | Version: 4.2
Severity: Normal | Resolution: invalid

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* status: new => closed
* resolution: => invalid


Comment:

Please don't use Trac as a support channel. Closing per
TicketClosingReasons/UseSupportChannels.

--
Ticket URL: <https://code.djangoproject.com/ticket/34498#comment:1>

Reply all
Reply to author
Forward
0 new messages