 

Django - 403 Forbidden CSRF verification failed

I have a contact form in Django for my website. When I was testing it locally it was working fine, but now when I try to submit my contact form "live" it always comes up with 403 Forbidden CSRF verification failed.

view:

from django.core.mail import send_mail
from django.http import HttpResponseRedirect
from django.shortcuts import render

# ContactForm is defined elsewhere in the project; the module path is assumed
from .forms import ContactForm


def contact(request):
    if request.method == 'POST':
        # By the time the view runs, CsrfViewMiddleware has already checked the
        # csrftoken cookie against the csrfmiddlewaretoken field in request.POST
        form = ContactForm(request.POST)
        if form.is_valid():
            cd = form.cleaned_data
            send_mail(
                cd['subject'],
                cd['message'],
                cd.get('email', '[email protected]'),  # sender, with a fallback address
                ['[email protected]'],                 # recipient list
            )
            return HttpResponseRedirect('/thanks/')
    else:
        form = ContactForm()
    return render(request, 'contact/contact.html', {'form': form})

contact.html

{% extends 'site_base.html' %}

{% block head_title %}Contact{% endblock %}

{% block body %}

    <h2>Contact Us</h2>
    <p>To send us a message, fill out the below form.</p>

    {% if form.errors %}
        <p style="color: red;">
            Please correct the error{{ form.errors|pluralize }} below.
        </p>
    {% endif %}

    <form action="" method="POST">
    {% csrf_token %}
        <table>
            {{ form.as_table }}
        </table>
        <br />
        <button type="submit" value="Submit" class="btn btn-primary">Submit</button>
    </form>    

{% endblock %}

settings (the ones I thought would be relevant):

SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
MIDDLEWARE_CLASSES = [
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

After trying to rule out some things, here's what I discovered. When I comment out SESSION_COOKIE_SECURE = True, CSRF_COOKIE_SECURE = True and SESSION_EXPIRE_AT_BROWSER_CLOSE = True it works no problem.

If I just comment out CSRF_COOKIE_SECURE = True it works fine. Something weird seems to be going on with how I'm handling CSRF... any help would be great.

asked Sep 21 '14 00:09 by Elijah

1 Answer

Sounds to me like the site is not https if it works when you comment out that line? CSRF_COOKIE_SECURE=True makes the csrf token only work with ssl per the docs https://docs.djangoproject.com/en/1.7/ref/settings/#csrf-cookie-secure

answered Oct 17 '22 04:10 by awwester
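The failure mode the answer describes, worked through end to end, as an added example that is not code from the original post or from Django itself. The standard-library cookie jar stands in for the browser (it honours the Secure attribute the same way: a Secure cookie is never sent on an http:// request; current browsers are stricter and refuse to even store a Secure cookie set by a plain-http response, which ends the same way), and csrf_check() is a simplified model of what CsrfViewMiddleware does on a POST: the csrftoken cookie must be present and must match the csrfmiddlewaretoken field that {% csrf_token %} rendered into the form. The site URL, the token value and the shortened Set-Cookie header are constructed for the example.

```python
"""Why CSRF_COOKIE_SECURE=True breaks a form served over plain HTTP.

Added example, not code from the original post or from Django. The stdlib
cookie jar models the browser; csrf_check() is a simplified model of the
checks CsrfViewMiddleware performs, not the middleware's own code.
"""
import hmac
import http.cookiejar
import urllib.request
from email.message import Message
from urllib.parse import parse_qs

CSRF_TOKEN = "abc123"  # constructed value; Django generates a random token


class _Response:
    """Minimal stand-in for the response object http.cookiejar reads:
    only info() is called, and it must return the response headers."""

    def __init__(self, headers):
        self._msg = Message()
        for name, value in headers:
            self._msg[name] = value

    def info(self):
        return self._msg


def django_set_cookie(csrf_cookie_secure):
    """Set-Cookie header for the csrf token (shortened: the real header also
    carries an expiry). Secure is appended exactly when CSRF_COOKIE_SECURE
    is True, which is what the setting does."""
    header = "csrftoken=%s; Path=/" % CSRF_TOKEN
    if csrf_cookie_secure:
        header += "; Secure"
    return header


def browser_round_trip(site_url, set_cookie_header):
    """GET site_url and store the cookie it sets, then POST back to the same
    URL and return the Cookie header the jar attaches (None if none).
    The jar applies the Secure rule: over http:// a Secure cookie stays home."""
    jar = http.cookiejar.CookieJar()
    get_req = urllib.request.Request(site_url)
    jar.extract_cookies(_Response([("Set-Cookie", set_cookie_header)]), get_req)

    post_req = urllib.request.Request(site_url, data=b"", method="POST")
    jar.add_cookie_header(post_req)
    return post_req.get_header("Cookie")


def csrf_check(cookie_header, post_body):
    """Simplified model of CsrfViewMiddleware on a POST: reject if the
    csrftoken cookie is absent, reject if it does not match the form's
    csrfmiddlewaretoken field, otherwise let the view run."""
    cookies = {}
    for part in (cookie_header or "").split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    cookie_token = cookies.get("csrftoken")
    if cookie_token is None:
        return "403: CSRF cookie not set."
    form_token = parse_qs(post_body).get("csrfmiddlewaretoken", [""])[0]
    if not hmac.compare_digest(cookie_token, form_token):
        return "403: CSRF token missing or incorrect."
    return "200: form accepted"


def submit_contact_form(site_url, csrf_cookie_secure):
    """Server sets the cookie, browser posts the form, middleware checks it.
    The hidden field always holds the token because the template rendered it
    on the GET; what varies is whether the cookie comes back on the POST."""
    cookie_header = browser_round_trip(site_url, django_set_cookie(csrf_cookie_secure))
    body = "csrfmiddlewaretoken=%s&subject=hi&message=test" % CSRF_TOKEN
    return csrf_check(cookie_header, body)


if __name__ == "__main__":
    for url in ("http://example.com/contact/", "https://example.com/contact/"):
        for secure in (False, True):
            print(url, "CSRF_COOKIE_SECURE=%s ->" % secure,
                  submit_contact_form(url, secure))
```

Running it shows the three combinations from the question: plain http with the Secure flag off is accepted, plain http with CSRF_COOKIE_SECURE=True is rejected with "CSRF cookie not set", and https with the flag on is accepted. The fix the answer implies is therefore to serve the form over HTTPS rather than to drop CSRF_COOKIE_SECURE, since with the flag off the token cookie travels in clear text.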