very strange error: "XSRF cookie does not match POST argument"


Tzury Bar Yochay

Sep 25, 2011, 9:17:38 AM
to python-...@googlegroups.com
Hi,

I am experiencing this strange behavior which makes no sense in my humble opinion.
On my development machine, things simply work fine, however, on the target machine,
when launching browser and pointing to the application, I get on the server's console the
XSRF cookie does not match POST argument and on the browser 403 forbidden.

Environments are basically identical, I used git to push/pull from my desktop and I assured manually checksum of files is simply the same.

Moreover, there is one more thing I noticed which varies from one machine to another, as while on my desktop
the value of the element
<input type="hidden" name="_xsrf" value="f3e2e0d6xxxxxxx..."/>

remains the same between page refresh, on the target machine when the problem occurs
value changes between refresh


On my templates, I only use 
   {{ xsrf_form_html() }}

to render the xsrf, nothing manually at all.

Dmitri Cherniak

Sep 25, 2011, 11:11:01 AM
to python-...@googlegroups.com
I also had a user report this to me once, since switching to 2.1 but haven't been able to reproduce it since.

Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.1-py2.7.egg/tornado/web.py", line 948, in _execute
    self.check_xsrf_cookie()
  File "/usr/local/lib/python2.7/dist-packages/tornado-2.1-py2.7.egg/tornado/web.py", line 845, in check_xsrf_cookie
    raise HTTPError(403, "XSRF cookie does not match POST argument")
HTTPError: HTTP 403: Forbidden (XSRF cookie does not match POST argument

Lorenzo Bolla

Sep 25, 2011, 12:06:56 PM
to python-...@googlegroups.com
Hi,

Given that autoescaping is enabled by default in Tornado>2.0, shouldn't you use
{% raw xsrf_form_html() %}
instead?

hth,
L.

Tzury Bar Yochay

Sep 25, 2011, 12:20:07 PM
to python-...@googlegroups.com

Btw, I am using tornado v1.1.0

Ben Darnell

Sep 25, 2011, 1:23:37 PM
to python-...@googlegroups.com
On Sun, Sep 25, 2011 at 6:17 AM, Tzury Bar Yochay
<afro.s...@gmail.com> wrote:
> Hi,
> I am experiencing this strange behavior which makes no sense in my humble
> opinion.
> On my development machine, things simply work fine, however, on the target
> machine,
> when launching browser and pointing to the application, I get on the server's
> console the
> XSRF cookie does not match POST argument and on the browser 403 forbidden.
> Environments are basically identical, I used git to push/pull from my
> desktop and I assured manually checksum of files is simply the same.
> Moreover, there is one more thing I noticed which varies from one machine to
> another, as while on my desktop
> the value of the element
> <input type="hidden" name="_xsrf" value="f3e2e0d6xxxxxxx..."/>
>
> remains the same between page refresh, on the target machine when the problem
> occurs
> value changes between refresh

It sounds like the target machine is not accepting cookies. Check
browser settings and extensions to see if anything is blocking
cookies.

-Ben

Tzury Bar Yochay

Sep 26, 2011, 1:52:30 AM
to Tornado Web Server
Found it thanks to all the hints and directions you guys gave me.
Thanks!

What happened is that although my app was of the same version, i.e.
identical clone, the tornado was not, as tornado on the target machine
was installed far after on development, and git clone at that time,
results in a different version of tornado (1.1 vs 2.1git).

Therefore, I fast forward my development to latest tornado, added
autoescape=false at application constructor, and off I go.

thank you all for the help.
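
Added example, not part of the original thread and not Tornado's own code: a standard-library model of the cookie-plus-hidden-field check discussed above, reproducing the two failure modes raised in the replies (a browser that does not keep the `_xsrf` cookie, and the `xsrf_form_html()` output being autoescaped). The function names, the `round_trip` helper and the reason strings are assumptions made for this illustration.

```python
import html
import secrets
from html.parser import HTMLParser

NAME = "_xsrf"  # cookie and hidden-field name, as shown in the thread

def issue_token(cookies):
    """Reuse the token the browser sent back; otherwise mint a fresh one."""
    return cookies.get(NAME) or secrets.token_hex(16)

def render_form(token, autoescape):
    field = '<input type="hidden" name="%s" value="%s"/>' % (NAME, token)
    if autoescape:  # models {{ xsrf_form_html() }} with autoescaping enabled
        field = html.escape(field)
    return '<form method="post">%s</form>' % field

class _Inputs(HTMLParser):
    """Collects the <input> fields a browser would submit."""
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and "name" in attrs:
            self.fields[attrs["name"]] = attrs.get("value") or ""

def form_fields(page):
    parser = _Inputs()
    parser.feed(page)
    parser.close()
    return parser.fields

def check_xsrf(cookies, post_args):
    """Server-side comparison of the cookie token with the POSTed token."""
    supplied = post_args.get(NAME)
    if not supplied:
        return 403, "field-missing"      # reason labels are this model's own
    if not secrets.compare_digest(supplied, issue_token(cookies)):
        return 403, "cookie-mismatch"
    return 200, "ok"

def round_trip(keeps_cookies, autoescape, refreshes=1):
    """GET the form `refreshes` times, then POST it; returns (tokens, result)."""
    jar, tokens = {}, []
    for _ in range(refreshes):
        tokens.append(issue_token(jar))
        if keeps_cookies:
            jar[NAME] = tokens[-1]  # browser stores the Set-Cookie value
    page = render_form(tokens[-1], autoescape)
    return tokens, check_xsrf(jar, form_fields(page))
```

A token that differs on every refresh, as reported for the target machine, corresponds to `round_trip(False, False, refreshes=2)`; an escaped field corresponds to `round_trip(True, True)`.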