hi
my website error 403 in login
my english not good.
Help
Reason given for failure:
CSRF token from POST incorrect.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django’s CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
Your browser is accepting cookies.
The view function passes a request to the template’s render method.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.
You’re seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
my setting is
tnx
Please post the form and template that you are trying to submit.
Copy/paste the code into the body of the message, surrounded by lines of three backtick - ` characters. This means you should have a line of ```, then your code (or template), then another line of ```.
Side note: ALLOWED_HOSTS entries do not include the scheme. It’s the host name only without the http:// or https:// prefix.
thanks for answer me
class LoginForm(forms.Form):
username = forms.CharField(
label='* نام کاربری :',
error_messages={
'required': 'برای ورود به سایت نام کاربری لازم است'
},
widget=forms.EmailInput(attrs={'class': "form-control", 'type': "text", 'required': "required",
'placeholder': "نام کاربری را وارد کنید"}),
validators=[
validators.MinLengthValidator(2),
validators.MaxLengthValidator(50)
]
)
password = forms.CharField(
label='* کلمه عبور :',
error_messages={
'required': 'برای ورود به سایت پسورد لازم است'
},
widget=forms.PasswordInput(attrs={
'class': "form-control", 'type': "password", 'required': "required", 'placeholder': "پسورد را وارد کنید"}),
validators=[
validators.MinLengthValidator(6),
validators.MaxLengthValidator(20)
]
)
remember_me = forms.BooleanField(label='من را به خاطر بسپار', initial=False, required=False,
widget=forms.CheckboxInput(
attrs={'type': "checkbox", 'class': "custom-control-input",
'id': "customCheck1"}))
class UserLogin(View):
def get(self, request):
login_form = LoginForm()
context = {'login_form': login_form}
return render(request, 'login.html', context)
def post(self, request: HttpRequest):
wrong_pass_username = ""
deactive_user = ""
login_form = LoginForm(request.POST)
if login_form.is_valid():
login_username_enterd = login_form.cleaned_data.get('username')
login_password_entered = login_form.cleaned_data.get('password')
remember_me = login_form.cleaned_data.get('remember_me')
user: Users = Users.objects.filter(username__iexact=login_username_enterd).first()
if user is not None:
if not user.is_active:
deactive_user = 'حساب کاربری شما فعال نشده است.به ایمیل خود مراجعه کنید'
else:
is_password_corect = user.check_password(login_password_entered)
if is_password_corect:
login(request, user)
request.session.set_expiry(1209600) # 2 weeks
if not remember_me:
self.request.session.set_expiry(0)
return redirect(reverse('Home_page'))
else:
wrong_pass_username = 'کاربری با مشخصات بالا یافت نشده'
else:
wrong_pass_username = 'کاربری با مشخصات بالا یافت نشده'
context = {'login_form': login_form, 'wrong_pass_username': wrong_pass_username, 'deactive_user': deactive_user}
return render(request, 'login.html', context)
{% extends 'share/Master2.html' %}
{% load static %}
{% load widget_tweaks %}
{% block title %}
ورود به آپشن ویو
{% endblock %}
{% block content %}
<div class="col-lg-5">
<div class="card mb-0">
<div class="card-body">
<div class="p-2">
<h4 class="text-muted float-right font-18 mt-4">ورود به سایت</h4>
<div>
<a href="{% url 'Home_page' %}" class="logo logo-admin">
<img src="{% static 'assets/images/logo_dark.png' %}" height="28" alt="logo"></a>
</div>
</div>
<div class="p-2">
<form class="form-horizontal m-t-20" href="{% url 'Home_page' %}" method="post"
action="{% url 'login_page' %}">
{% csrf_token %}
{{ login_form.username.label }}
{{ login_form.username }}
{{ login_form.password.label }}
{{ login_form.password }}
{% if wrong_pass_username %}
<div class="notification-list table-danger ">
<hr>
<p>{{ wrong_pass_username }}</p>
</div>
{% elif deactive_user %}
<div class="notification-list table-danger ">
<hr>
<p>{{ deactive_user }}</p>
</div>
{% endif %}
<div class="form-group row">
<div class="col-1">
{% render_field login_form.remember_me type="checkbox" class="custom-control custom-checkbox" id="customCheck1" %}
</div>
<div class="col-11">
{{ login_form.remember_me.label }}
</div>
</div>
<div class="form-group text-center row m-t-20">
<div class="col-12">
<button class="btn btn-primary btn-block waves-effect waves-light" type="submit">ورود به
سایت
</button>
</div>
</div>
<div class="form-group m-t-10 mb-0 row">
<div class="col-sm-7 m-t-20">
<a href="{% url 'recover_password' %}" class="text-muted"><i class="mdi mdi-lock"></i>رمز
خود را فراموش کردید؟</a>
</div>
<div class="col-sm-5 m-t-20">
<a href="{% url 'register_page' %}" class="text-muted"><i
class="mdi mdi-account-circle"></i>
حساب کاربری بسازید</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
{% endblock %}
Is ov.example.ir your actual DNS name for your site? I see in ALLOWED_HOSTS you’re also allowing www.ov.example.ir, which if you are, also needs to be included in CSRF_TRUSTED_ORIGINS. Do you have any other DNS names involved here? If so, they may also need to be included in both settings.
ov is my subdomain
main domain in other host and this subdomain develope on django and on other host
403 forbidden by this way solved.but why ?
in google chrome
setting>privacy and security>add my url cookies and other site
and clear cache
I’m sorry, if there’s a still a question here, I’m not understanding what you’re asking or what the issue might be.