OK, hope I am not adding to the confusion.

I ran into this a while back.

CSRF errors are usually (in my case anyway) triggered by Apache SSL setup etc.

If you are running Apache + SSL, you need to make sure the certificates and the SNI SSL naming are set up correctly, or the CSRF errors will trigger randomly.

Of course, the SSL cert has to match the site name.

This config assumes Apache + WSGI + SSL etc., and that you are running multiple virtual sites under Apache.

Also note the port 80 redirect (i.e. everything is directed to the SSL site).

If you are mixing SSL & non-SSL, Apache / Django will get confused and trip the CSRF error as well.

Relevant Apache config (httpd.conf):

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# only if using memcache
SSLSessionCache memcache:localhost:11211
</IfModule>


Then my Apache config for a site:

admin.scom.ca:

<VirtualHost *:80>
ServerName admin.scom.ca
ServerAlias admin.scom.ca
Redirect permanent / https://admin.scom.ca/
</VirtualHost>

<VirtualHost *:443>
ServerName admin.scom.ca
ServerAlias admin.scom.ca
DocumentRoot /www/admin.scom.ca

Alias /media/ /www/admin.scom.ca/media/
Alias /static/ /www/admin.scom.ca/statics/
Alias /statics/ /www/admin.scom.ca/statics/

<Directory "/www/admin.scom.ca/statics/">
  Options FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

SSLEngine on
SSLProtocol all
SSLCertificateFile /www/admin.scom.ca/ssl/admin.scom.ca.crt
SSLCertificateKeyFile /www/admin.scom.ca/ssl/admin.scom.ca.key
SSLCertificateChainFile /www/admin.scom.ca/ssl/admin.scom.ca.chain



SuexecUserGroup www www

##Below only used if running WSGI##

WSGIDaemonProcess adminscomcassl user=www group=www processes=10 threads=20
WSGIProcessGroup adminscomcassl
WSGIApplicationGroup %{GLOBAL}
WSGIImportScript /www/admin.scom.ca/django.wsgi process-group=adminscomcassl application-group=%{GLOBAL}

WSGIScriptAlias / /www/admin.scom.ca/django.wsgi

##End of WSGI##

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<Directory "/www/admin.scom.ca/wp-content/uploads/">
<Files "*.php">
Order Deny,Allow
Deny from All
</Files>
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value open_basedir /www/admin.scom.ca:/var/log/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value sys_temp_dir /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value session.save_path /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value soap.wsdl_cache_dir /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value upload_tmp_dir /www/admin.scom.ca/tmp
</Directory>

<Directory "/www/admin.scom.ca">
AllowOverride All
php_value session.save_path "/www/admin.scom.ca/"
</Directory>

</VirtualHost>







Happy Monday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 3/12/2023 5:44 AM, Muhammad Juwaini Abdul Rahman wrote:
I think you need to add the following in settings.py:

# Django 4.0+ expects each entry to include the scheme (https://...)
CSRF_TRUSTED_ORIGINS = ['<your_web_url>']



On Sun, 12 Mar 2023 at 02:04, James Hunt <newbypass...@gmail.com> wrote:

    Hi there. I am fairly new to Django but have had previous success
    with creating an app and being able to access the Admin page.
    Recently, if I attempt to access the admin page of a new Django app
    it throws the CSRF error upon trying to log in!!!

    I have attempted several ways to bypass this error including adding
    allowed hosts but I can't seem to get past this issue.

    Can someone please provide me with the definitive way of stopping
    CSRF error when simply trying to access the admin part of Django? I
    mean there are no post functions that really apply to this feature
    so I can't understand the CSRF token.

    I can't get past this issue which means I can never access the admin
    page!!

    Please help.

    Regards

    James

    -- You received this message because you are subscribed to the Google
    Groups "Django users" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to django-users+unsubscr...@googlegroups.com.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/django-users/e13c7765-831e-45c5-b091-c8fcfbed19c5n%40googlegroups.com.

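Both suggestions in this thread, keeping the site on SSL throughout and setting trusted origins, bear on the same comparison: on Django 4.0 and later, the browser's Origin header on a POST must equal the scheme and host Django sees for the request, or match a CSRF_TRUSTED_ORIGINS entry. The following is an added example, not code from Django or from anyone in the thread; `origin_allowed` and the scenarios are hypothetical and only model that comparison, using the host name from the config above.

```python
from urllib.parse import urlsplit


def origin_allowed(origin, seen_scheme, seen_host, trusted_origins=()):
    """Simplified model of the Origin check Django 4.0+ runs on POST requests.

    origin          -- Origin header sent by the browser
    seen_scheme     -- 'http' or 'https' as Django sees the request
    seen_host       -- host name as Django sees the request
    trusted_origins -- values in the style of CSRF_TRUSTED_ORIGINS
    """
    # 1. The origin must equal the scheme://host Django reconstructs itself.
    if origin == f"{seen_scheme}://{seen_host}":
        return True
    # 2. Otherwise an exact trusted entry, scheme included, is accepted.
    if origin in trusted_origins:
        return True
    # 3. Otherwise a wildcard entry of the same scheme, e.g. https://*.scom.ca.
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        scheme, sep, pattern = entry.partition("://")
        if sep and pattern.startswith("*.") and scheme == parsed.scheme:
            suffix = pattern[1:]  # "*.scom.ca" -> ".scom.ca"
            if parsed.netloc.endswith(suffix) or parsed.netloc == suffix[1:]:
                return True
    return False


# Constructed scenarios: (browser Origin, scheme Django sees, host, trusted).
HOST = "admin.scom.ca"
SCENARIOS = {
    "https end to end": (f"https://{HOST}", "https", HOST, ()),
    "page on https, Django sees http": (f"https://{HOST}", "http", HOST, ()),
    "trusted entry without scheme": (f"https://{HOST}", "http", HOST, (HOST,)),
    "trusted entry with scheme": (
        f"https://{HOST}", "http", HOST, (f"https://{HOST}",)),
    "wildcard entry": (f"https://{HOST}", "http", HOST, ("https://*.scom.ca",)),
    "foreign site": ("https://other.example", "https", HOST, (f"https://{HOST}",)),
}


def run_scenarios():
    return {name: origin_allowed(*args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:35} {'accepted' if ok else '403 CSRF failure'}")
```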