Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django admin raises CSRF verification failed

Tags:

python

django

csrf

django-csrf

I've started new django project and enabled admin app. I can login to admin site but when I'm trying to add/change site or user I'm getting 

CSRF verification failed. Request aborted.
Reason given for failure:
CSRF token missing or incorrect.

That's what I have in settings.py:

TEMPLATE_LOADERS = (
'django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader',
)

MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
)

When I'm looking at admin page source I see 

<input type='hidden' name='csrfmiddlewaretoken' value='T9Mfk1LRXi5jPE2dh5jcvdKwzYM6Iy5I' />

there

I have Django version 1.4.1

like image 922
igoris Avatar asked Oct 03 '12 15:10

igoris

People also ask

How do I fix CSRF verification failed aborted?

Are you trying to log in and are receiving a “Forbidden (403) CSRF verification failed.” message? What is happening is that our site's securities are in conflict with an autofill-enabled configuration in your browser. To fix, you can: Disable autofill, allow cookies, and clear your cache.

What is CSRF protection in Django?

The CSRF middleware and template tag provides easy-to-use protection against Cross Site Request Forgeries.

1 Answers

Have you overridden the CSRF_COOKIE_DOMAIN setting? If the CSRF token is present in the form, and you haven't modified the source of the admin app, then the most likely scenario is that the cookie is not being set correctly.

Check the response headers of the login page to make sure that the cookie is being set correctly, and check the request headers of your login attempt to ensure that it is also being sent (and matches the value in the form).

like image 106
Ian Clelland Avatar answered Sep 21 '22 16:09

Ian Clelland
Sign in to Comment

Related questions

Deploying to multiple EC2 servers with Fabric
OpenCV dot target detection not finding all targets, and found circles are offset
scatterplot with xerr and yerr with matplotlib
Python SL4A Development
distutils, distutils2, pip and requirements [closed]
How to Add an icon to an ubuntu app
Using GitPython module to get remote HEAD branch
Add a 2 value tuple to dict as key:value
How do I re-draw only one set of axes on a figure in python?
General synonym and part of speech processing using nltk
How to install python modules in blender
building scrapy spiders into my own program, i don't want to call scrapy from command line)
mapping psql type oids to python types - with psycopg2
How to set the DocumentRoot while using python's HTTPServer?
gsl error while Installing mlpy [closed]
cursor.fetchone() returns None but row in the database exists
How to run PyCharm using port 80
How to connect to mysql database from python using connection string
Working with Mountain Lion's Notification Center using PyObjC
Reducing numpy memory footprint in long-running application

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!