CORS Origin and CSRF related issue


So it turns out that i had a trailing slash missing from all delete requests made to the Django… So issue resolved!
Am still curious as to why it suddenly started showing an error and worked fine prior. Since i did not remove the trailing slash from the relevant delete functions. it was always missing and Django still managed to carry out the requests.




I’ve encountered a issue during my development. This is an app I’ve been working on for a while and all of sudden this popped up:

This only happens when I send a delete request via Axios. get, post, put and patch work fine. I am using React for my frontend. CORS is set to all:

Another weird issue is that i have the same code on my EC2 instance and it works fine over there. the only difference in the settings file are ALOWED HOSTS and the Database.

I’ve also tried opening a new project with a new venv by copying the files of the project but the problem migrated with it.

I’ve gone through the error message that’s displayed when debug = TRUE, everything seems to checkout fine:

  1. Browser cookies enabled
  2. Middleware appears in the settings files as it should, both for csrf and CORS.

some more code for context:

Please let me know what more context might need.

Thank you

I’ve found debugging csrf issues a bit challenging. I ended up writing a blog post that goes over how I debug them on my own. If you’re interested in figuring out why this was breaking for you and maybe getting more comfortable with Django’s source code, this may be helpful. Debugging CSRF Failed / 403 Forbidden errors in Django · Better Simple