CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.
More information is available with DEBUG=True.
Cookies marked with SameSite=None
must also be marked with Secure
to allow setting them in a cross-site context. This behavior protects user data from being sent over an insecure connection.
Resolve this issue by updating the attributes of the cookie:
SameSite=None
and Secure
if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure
attribute.SameSite=Strict
or SameSite=Lax
if the cookie should not be set by cross-site requests--
You received this message because you are subscribed to the Google Groups "Numbas Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to numbas-users...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/14f95df3-9a33-45ae-98e8-c7bf2a5824b7o%40googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/5f22ee3e.1c69fb81.5d29f.9c07%40mx.google.com.
--
You received this message because you are subscribed to the Google Groups "Numbas Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to numbas-users...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/72a93752-5654-4390-ab7e-a53dbc91a97en%40googlegroups.com.
Reason given for failure:
Referer checking failed - Referer is insecure while host is secure.In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
I've disabled the following in default.conf given I'm not using https for my test 'thorow away' server, and I can now login successfully!
#proxy_set_header X-FORWARDED-PROTO https;
Thanks.