
Django admin raises CSRF verification failed

I've started a new Django project and enabled the admin app. I can log in to the admin site, but when I try to add/change a site or user I get:

CSRF verification failed. Request aborted.
Reason given for failure:
CSRF token missing or incorrect.

That's what I have in settings.py:

TEMPLATE_LOADERS = (
    'django.template.loaders.filesystem.Loader',
    'django.template.loaders.app_directories.Loader',
)

MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)

INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
)

When I'm looking at admin page source I see

<input type='hidden' name='csrfmiddlewaretoken' value='T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I' />

there

I have Django version 1.4.1

igoris asked Oct 03 '12 15:10




1 Answer

Have you overridden the CSRF_COOKIE_DOMAIN setting? If the CSRF token is present in the form, and you haven't modified the source of the admin app, then the most likely scenario is that the cookie is not being set correctly.

Check the response headers of the login page to make sure that the cookie is being set correctly, and check the request headers of your login attempt to ensure that it is also being sent (and matches the value in the form).

Ian Clelland answered Sep 21 '22 16:09
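The header check described in the answer, as an added example that is not part of the original answer or of Django itself: it takes the `Set-Cookie` headers of the login page, the form HTML and the `Cookie` header of the failing POST, and reports where the CSRF cookie gets lost. The helper names, hosts and session id are made up for illustration; `csrftoken` is Django's default cookie name, and the direct cookie/form equality holds for versions such as the 1.4.1 in the question (Django 1.10 and later mask the form token, so the two strings differ there).

```python
import re
from http.cookies import SimpleCookie

TOKEN_RE = re.compile(r"name=['\"]csrfmiddlewaretoken['\"]\s+value=['\"]([^'\"]+)['\"]")

def domain_matches(host, cookie_domain):
    """Host-only cookies (no Domain) always match; otherwise suffix-match like a browser."""
    if not cookie_domain:
        return True
    host, dom = host.split(":")[0].lower(), cookie_domain.lstrip(".").lower()
    return host == dom or host.endswith("." + dom)

def diagnose(host, set_cookie_headers, form_html, request_cookie_header):
    """Return a list of problems; an empty list means the cookie round-trips correctly."""
    problems = []
    match = TOKEN_RE.search(form_html)
    form_token = match.group(1) if match else None
    if form_token is None:
        problems.append("form has no csrfmiddlewaretoken field")
    issued = None
    for header in set_cookie_headers:          # one string per Set-Cookie header
        jar = SimpleCookie()
        jar.load(header)
        issued = jar.get("csrftoken", issued)  # Django's default CSRF cookie name
    if issued is None:
        problems.append("response did not set a csrftoken cookie")
    elif not domain_matches(host, issued["domain"]):
        problems.append("cookie Domain=%s does not cover host %s" % (issued["domain"], host))
    sent = SimpleCookie()
    sent.load(request_cookie_header)
    if "csrftoken" not in sent:
        problems.append("request did not send a csrftoken cookie")
    elif form_token and sent["csrftoken"].value != form_token:
        problems.append("csrftoken cookie does not match the form token")
    return problems

# Constructed sample data: token taken from the question, hosts and session id made up.
FORM = "<input type='hidden' name='csrfmiddlewaretoken' value='T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I' />"
BAD_SET_COOKIE = ["csrftoken=T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I; Domain=.example.com; Path=/"]
GOOD_SET_COOKIE = ["csrftoken=T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I; Path=/"]

if __name__ == "__main__":
    # CSRF_COOKIE_DOMAIN set to another domain while browsing on localhost:
    # the cookie is issued but the browser never sends it back.
    print(diagnose("localhost:8000", BAD_SET_COOKIE, FORM, "sessionid=constructed123"))
    # Default settings: host-only cookie comes back and matches the form.
    print(diagnose("localhost:8000", GOOD_SET_COOKIE, FORM,
                   "csrftoken=T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I; sessionid=constructed123"))
```

The header strings can be copied from the browser's network panel for the login page response and the failing POST request.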