CSRF token is null

Redstone · March 17, 2024, 3:33am

While I have tried to make a webserver at
https://beta.pmine.org/skincomp/
could you please see whether it works OK on yourside?

KenWhitesell · March 17, 2024, 3:38am

I didn’t get an error if that’s what you mean.

Redstone · March 17, 2024, 3:51am

I mean when clicking the submit button, the header’s origin is null.
The page will display a 404. actually, I only started my frountend but not the backend
Do you mean that when you are submitting the forum the origin of your header is not null value instead of the origin value that on my side?

KenWhitesell · March 17, 2024, 4:12am

I am sending an Origin: null header

KenWhitesell · March 17, 2024, 4:16am

Please see my reply at CSRF token is null - #21 by KenWhitesell. I don’t think this is going to work - even if you get the Origin header fixed.

The other problem that you are going to have difficulty resolving is the CSRF token and cookie issue. The page loaded from project “A” is not going to be able to give you a CSRF token that project “B” is going to recognize. There’s also likely going to be a problem with the cookie as well.

Redstone · March 17, 2024, 4:27am

I see. So, the thing that I should do is to put the two apps in the same project rather then working with the header thing or do the nginx settings rather than fixing this problem. Thanks for your help
By the way, can I ask for one more question that is it common to put the frount end and backend together in one project? Or I encounter this problem due to some special reasons (I don’t know whether I have expressed myself clearly), but I really thank you for your patience and help

KenWhitesell · March 17, 2024, 4:35am

My opinion is that you only need one app - until you encounter a situation where it is necessary to break it down into multiple apps.

I believe it is a waste of time and effort to needlessly separate tasks arbitrarily into multiple apps. I don’t see where there’s anything to be gained by doing this, and a lot of problems an potential issues as well.

I’ve done production deployments of more than 20 different Django systems, and right off-hand, I can only think of 2 that consisted of more than one app. And, I have never tried - and probably would have never thought of breaking up a project into two separate projects between “front-end” and “back-end”. To me, that just seems like the wrong way to organize a Django project.

So as I explained above, this is the only way I’ve ever done it. I don’t see any value doing it any other way.

Topic		Replies	Views
Unable to solve WARNING:django.security.csrf:Forbidden (CSRF cookie not set.) Mystery Errors	16	1936	November 8, 2024
CSRF token passing between two different domain. Forms & APIs	0	1420	September 6, 2023
CSRF Verification failing in local deployment Deployment	4	463	June 26, 2024
CSRF verification failed Request aborted Mystery Errors	1	139	April 27, 2025
CSRF Token missing Mystery Errors	8	1666	November 21, 2023

CSRF token is null

Related topics