I am in dev environment and I have a Admin button which when clicked throws CSRF error. I have tried everything in tutorials and forums and documentation. Cant get it to work. Here are the code snippets.
urls.py
urlpatterns = [
path('', RedirectView.as_view(url='accounts/login/')),
path('home/', views.home, name='home'),
path('upload/', views.upload, name='upload'),
path('upload_file/', csrf_exempt(views.upload_file), name='upload_file'),
path('upload_vendor_rate/', csrf_exempt(views.upload_vendor_rate), name='upload_vendor_rate'),
path('accounts/', include('django.contrib.auth.urls')),
path('logout/', csrf_exempt(RedirectView.as_view(url='/accounts/login/'))),
path('adminsettings/',admin.site.urls),
]
HTML Form
<form action="/adminsettings/" method="post" novalidate enctype="multipart/form-data">
{% csrf_token %}
<style>
.top-corner-buttons {
position: absolute;
top: 10px;
right: 10px;
}
.top-corner-buttons button {
margin-left: 5px;
}
</style>
<div class="top-corner-buttons">
<button type="submit">Admin</button>
</div>
</form>
Settings.py
CSRF_COOKIE_SECURE=False
CSRF_USE_SESSIONS=False
CSRF_TRUSTED_ORIGINS=['http://localhost:8000']
CORS_ALLOWED_ORIGINS=['http://localhost:8000']
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Error