Django app runs locally but I get CSRF verification failed on Heroku

Question

My app runs fine at heroku local but after deployed to Heroku, every time I try to login/register/login as admin, it returns this error shown below.

I have tried to put @csrf_exempt on profile views, but that didn't fix the issue.

What can I do?

Answer 1

The error message is fairly self-explanatory (please excuse typos as I can't copy from an image):

Origin checking failed - https://pacific-coast-78888.herokuapp.com does not match any trusted origins

The domain you are using is not a trusted origin for CSRF.

There is then a link to the documentation, which I suspect goes to the Django CSRF documentation, though the documentation for the CSRF_TRUSTED_ORIGINS setting might be more useful:

A list of trusted origins for unsafe requests (e.g. POST).

For requests that include the Origin header, Django’s CSRF protection requires that header match the origin present in the Host header.

Look in your settings.py for CSRF_TRUSTED_ORIGINS and add https://pacific-coast-78888.herokuapp.com to the list. If that setting doesn't already exist, simply add it:

CSRF_TRUSTED_ORIGINS = ["https://pacific-coast-78888.herokuapp.com"]