I was logging into my Django admin console easily a few minutes ago. I must have changed something somewhere that caused this error when logging in as superuser:
Forbidden (403) CSRF verification failed. Request aborted.
This error caught me off guard as I was logging in all night. Why would I suddenly need a CSRF token for admin login? You would think the sign-in form already has that. This is my admin.py:

    from django.contrib import admin
    from accounts.models import Image, Category, UserProfile


    class ImageAdmin(admin.ModelAdmin):
        list_display = ["__unicode__", "title", "created"]

    # Register with the ImageAdmin class defined above
    # (the original referenced an undefined GenericImageAdmin).
    admin.site.register(Image, ImageAdmin)


    class CategoryAdmin(admin.ModelAdmin):
        list_display = ["category"]

    admin.site.register(Category, CategoryAdmin)

    # UserProfile uses the default ModelAdmin.
    admin.site.register(UserProfile)
1. Using the @csrf_exempt decorator. This will import the @csrf_exempt decorator, which allows you to easily disable CSRF validation for specific views. Just place the @csrf_exempt decorator immediately above the view for which you do not want CSRF protection.
Django's CSRF protection generates a token on the server side when rendering the page and cross-checks this token on any requests coming back in. If an incoming request does not contain the token, it is not executed. Django makes this process seamless with the addition of a simple tag to the form generated.
CSRF protection works by checking for a secret in each POST request. This ensures that a malicious user cannot “replay” a form POST to your website and have another logged in user unwittingly submit that form. The malicious user would have to know the secret, which is user specific (using a cookie).
Admin login normally does require a csrf token, but that's normally all taken care of for you.
django.middleware.csrf.CsrfViewMiddleware in your middleware
https or you have CSRF_COOKIE_SECURE=False (which is the default) in settings, otherwise your csrf cookie exists but won't be sent. Purge your cookies after changing CSRF_COOKIE_SECURE.
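The token check described earlier on this page and the CSRF_COOKIE_SECURE failure named in the answer, as an added example that is not part of the original question or answer. It is a simplified Python model, not Django's implementation; the function names, finding strings and sample settings are assumptions made for illustration.

```python
import hmac
import secrets

CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"

def cookie_is_sent(secure_flag, scheme):
    """Browsers return a cookie marked Secure only over https."""
    return scheme == "https" or not secure_flag

def tokens_match(cookie_token, form_token):
    """Server-side check: both copies of the secret must be present and equal."""
    if not cookie_token or not form_token:
        return False
    return hmac.compare_digest(cookie_token, form_token)

def simulate_login_post(settings, scheme, forged=False):
    """Model one admin login POST; returns (status, findings)."""
    findings = []
    if CSRF_MW not in settings.get("MIDDLEWARE", []):
        findings.append(CSRF_MW + " is not listed in MIDDLEWARE")
    secure = settings.get("CSRF_COOKIE_SECURE", False)  # False is the default

    # Rendering the login form: one secret goes out both as a cookie
    # and as a hidden form field.
    secret = secrets.token_urlsafe(32)
    cookie_token = secret if cookie_is_sent(secure, scheme) else None
    if cookie_token is None:
        findings.append("CSRF_COOKIE_SECURE=True over http: "
                        "the csrf cookie exists but is not sent")

    # A forged cross-site POST cannot read the user's cookie, so its
    # form field carries a value that does not match the secret.
    form_token = secrets.token_urlsafe(32) if forged else secret
    status = 200 if tokens_match(cookie_token, form_token) else 403
    return status, findings

# Constructed sample settings (not taken from the question).
DEV_DEFAULT = {"MIDDLEWARE": [CSRF_MW]}
SECURE_ON_HTTP = {"MIDDLEWARE": [CSRF_MW], "CSRF_COOKIE_SECURE": True}

if __name__ == "__main__":
    for label, cfg, scheme in [("default, http", DEV_DEFAULT, "http"),
                               ("secure cookie, http", SECURE_ON_HTTP, "http"),
                               ("secure cookie, https", SECURE_ON_HTTP, "https")]:
        print(label, simulate_login_post(cfg, scheme))
```

The second case is the one the answer warns about: the form still carries a valid token, but the request is rejected because the cookie half of the pair never reaches the server.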