All Questions
18 questions
0 votes | 0 answers | 20 views
How to Handle CSRF for iFrames in Django with Multiple Whitelabel Sites Without Using a Domain Whitelist?
I’m building a whitelabel solution using Django, where my clients can embed forms from my application within their websites using iFrames. However, I’m running into a problem with CSRF protection when ...
0 votes | 0 answers | 43 views
how to fix django CSRF error for admin area?
I set up docker-compose to serve django v5.0.6 and I see the login page, but after signing in I face a CSRF error.
My docker-compose containers:
Nginx
web (django container)
postgres
all the configs are ...
1 vote | 2 answers | 260 views
Django admin csrf token not set
I have a Django project working locally with login to the admin portal working. Once the project has been deployed to our development environment the pages that do not require CSRF authentication are ...
0 votes | 0 answers | 433 views
Django server does not accept cookies
When I try to send a POST request to the DJANGO app hosted on the server, with included credentials in the Axios request or with a Postman app, I cannot access cookies in the app, because cookies are ...
0 votes | 1 answer | 498 views
Django CSRF "Referer Malformed"... but it isn't
I'm trying to test a deployment config for a Django setup that works fine in development mode.
I have name-based routing via Nginx's ssl_preread module on a load balancer, and SSL terminates at ...
1 vote | 1 answer | 2k views
Configure nginx/gunicorn django behind a load balancer
I set up an nginx/gunicorn server with this tutorial. This worked like a charm with a local docker-compose file. Then I pushed the containers to AWS fargate, and set up a load balancer in front of the ...
1 vote | 0 answers | 1k views
CSRF verification always fails when accessing Django admin page through nginx proxy
I have gunicorn serving a Django (v3.0.6) project on my server (at port 8000). I have the host name (and variations on localhost) in the ALLOWED_HOSTS variable of my Django project. And I have nginx ...
1 vote | 1 answer | 252 views
Script is executed even though xss is enabled
I'm running my site on an nginx server (1.12.2). I'm using the django framework for my site.
I have enabled X-XSS protection in settings.py in django by,
SECURE_BROWSER_XSS_FILTER = True
...
0 votes | 1 answer | 1k views
CSRF Failure On AJAX POST Request After Deploy Django Application With Nginx
I use Nginx and Gunicorn to deploy my Django 2.X blog on a VPS.
When I push some data to the Django backend via jQuery AJAX, I get a 403 CSRF error. I googled a lot but still can't figure out how to fix ...
3 votes | 1 answer | 3k views
Weird CSRF error in Django with Nginx and Gunicorn
Background
When I try to access into my Django administration panel, I get Forbidden (403) CSRF verification failed. Request aborted., even if I disable the CSRF middleware. This affects all users, ...
0 votes | 0 answers | 1k views
Django: csrf_token doesn't work after deploy
I am deploying my Django project on AWS (nginx, gunicorn).
I can access my project through the URL and it looks great. But the problem is that I cannot send any POST request because of a csrf_token error.
I just ...
0 votes | 1 answer | 154 views
CSRF failure on server using Remote Authentication (works when cookie is cleared)
I'm using Django's RemoteUserMiddleware to authenticate the users in one website. It works great until the next day. When I try to do anything using POST methods (even in Django's admin page) it gives ...
5 votes | 2 answers | 3k views
CSRF django nginx with ssl from cloudflare
Background
I'm trying to configure my Django app to work with ssl provided by cloudflare. I have about the same setup as this answer and have followed the same solution.
Issue:
This has been ...
2 votes | 0 answers | 979 views
AJAX call on Django page results in 403 Forbidden, but not in Chrome
I have a problem with the CSRF token mechanism in Django that only occurs in Firefox and Internet Explorer (Chrome seems to work just fine). My site serves a page which performs an AJAX call once the ...
5 votes | 3 answers | 4k views
Django CSRF Error Caused by Nginx X-Forwarded-host
I've been working on a django app recently and it is finally ready to get deployed to a qa and production environment. Everything worked perfectly locally, but since adding the complexity of the real ...
2 votes | 0 answers | 395 views
CSRF token doesn't work on a live server but works on django's test server
So I have this view:
def ocorrenciasRodovia(request,cod=386):
    ctoken = {}
    ctoken.update(csrf(request))
    if request.method == 'POST':
        cod = request.POST.get('idBr')
It works on a ...
2 votes | 1 answer | 3k views
Django + Gunicorn + Nginx = CSRF cookie not set
I've set up Django behind Nginx with Gunicorn, but when I try to log in to the admin panel, I get:
Forbidden (403)
CSRF verification failed. Request aborted.
Reason given for failure:
CSRF cookie ...
1 vote | 1 answer | 2k views
django https + CSRF
I'm trying to set up a django site to work over https with csrf protection. It works on an nginx server.
nginx works on https and my django app successfully serves GET requests. When I try to make a post request it'...