Monday, March 13, 2023

Re: Django Admin

In my previous case, I only used this:

CSRF_TRUSTED_ORIGINS = ['https://your site url',]


On Tue, 14 Mar 2023 at 04:33, Prosper Lekia <lekiaprosper@gmail.com> wrote:
This is how I deal with all CSRF related issues.

Make sure the CSRF middleware is in your MIDDLEWARE list

'django.middleware.csrf.CsrfViewMiddleware'

Add the settings below in your settings.py to prevent all CSRF related issues

CSRF_TRUSTED_ORIGINS = ['https://your site url',]
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'http')
CSRF_USE_SESSIONS = False
CSRF_COOKIE_SECURE = True
SECURE_BROWSER_XSS_FILTER = True

CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True


SECURE_CONTENT_TYPE_NOSNIFF = True
SECURE_FRAME_DENY = True
SECURE_HSTS_SECONDS = 2592000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
X_FRAME_OPTIONS = 'SAMEORIGIN'
SECURE_REFERRER_POLICY = 'same-origin'

On Saturday, March 11, 2023 at 7:04:40 PM UTC+1 James Hunt wrote:
Hi there. I am fairly new to Django but have had previous success with creating an app and being able to access the Admin page.
Recently, if I attempt to access the admin page of a new Django app it throws the CSRF error upon trying to log in!!!

I have attempted several ways to bypass this error including adding allowed hosts but I can't seem to get past this issue.

Can someone please provide me with the definitive way of stopping CSRF error when simply trying to access the admin part of Django? I mean there are no post functions that really apply to this feature so I can't understand the CSRF token.

I can't get past this issue which means I can never access the admin page!!

Please help.

Regards

James

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/3f7e8ff3-3619-4ddf-8517-0ee3a613ed20n%40googlegroups.com.
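
Added example, not part of the thread and not Django's own code: a simplified Python model of the Origin-header check behind the admin login CSRF error discussed above, run on a constructed request that reaches the app through a TLS-terminating proxy. The host admin.example.test, the function names and the request dictionary are assumptions for illustration, and only the Origin branch of the check is modelled.

```python
from urllib.parse import urlsplit

# Constructed request: browser uses HTTPS, the proxy terminates TLS and forwards HTTP.
PROXIED_POST = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "admin.example.test",
    "HTTP_ORIGIN": "https://admin.example.test",
    "HTTP_X_FORWARDED_PROTO": "https",
}

def request_scheme(meta, proxy_ssl_header=None):
    """Scheme the application believes the request arrived on."""
    if proxy_ssl_header:
        header, secure_value = proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    return meta.get("wsgi.url_scheme", "http")

def same_domain(host, pattern):
    """A pattern with a leading dot matches the bare domain and its subdomains."""
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def origin_verified(meta, trusted_origins=(), proxy_ssl_header=None):
    """Return (allowed, reason) for the Origin header of a POST."""
    origin = meta.get("HTTP_ORIGIN", "")
    expected = f"{request_scheme(meta, proxy_ssl_header)}://{meta['HTTP_HOST']}"
    if origin == expected:
        return True, "origin equals the request's own scheme and host"
    got = urlsplit(origin)
    for entry in trusted_origins:
        want = urlsplit(entry)
        if not (want.scheme and want.netloc):
            continue  # entry without a scheme can never match an Origin header
        if entry == origin:
            return True, f"exact trusted origin {entry}"
        if ("*" in entry and got.scheme == want.scheme
                and same_domain(got.netloc, want.netloc.lstrip("*"))):
            return True, f"wildcard trusted origin {entry}"
    return False, f"origin {origin} is neither {expected} nor trusted"

if __name__ == "__main__":
    for origins in ([], ["admin.example.test"], ["https://admin.example.test"]):
        print(origins, "->", origin_verified(PROXIED_POST, origins))
```

In this model a proxy header tuple whose secure value is 'http' still classifies the proxied request as plain HTTP when the proxy sends X-Forwarded-Proto: https, so the login POST passes only through the trusted-origins entry.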
