CSRF verification failed. Request aborted for /admin/

I’ve been trying to log in at the http://localhost:8000/admin/login/?next=/admin/ URL. I’ve added almost every possible URL to CSRF_TRUSTED_ORIGINS.
I’ve also made an API endpoint, /get-csrf-token/, and I also have a csrfToken cookie.

CSRF_COOKIE_SECURE = False

CSRF_COOKIE_HTTPONLY = True

SESSION_COOKIE_SECURE = None

SESSION_COOKIE_HTTPONLY = True

CORS_ALLOW_CREDENTIALS = True

CORS_ALLOW_HEADERS = [
"access-control-allow-credentials",
"content-type",
"HTTP_X_CSRFTOKEN",
"AUTHORIZATION"
# Add any other headers you need to allow here
]

CORS_ORIGIN_WHITELIST = ["http://localhost:3000"]

CORS_ORIGIN_ALLOW_ALL = True

CORS_ALLOWED_ORIGINS = [
]

CSRF_COOKIE_DOMAIN = [
]

CSRF_TRUSTED_ORIGINS = [
"localhost:3000",
"localhost:8000",
# Add other CSRF trusted origins here if needed
]

ALLOWED_HOSTS = [
"*",
# Add other allowed hosts here if needed
]

I’ve faced this issue too many times and tried many things. What’s the solution to this?
Thanks

My CSRF origins:
CSRF_TRUSTED_ORIGINS = [
"http://localhost:3000",
"http://localhost:8000",
# Add other CSRF trusted origins here if needed
]

First, your CSRF_TRUSTED_ORIGINS was like this

then you shared this

Which one are you using currently? I’ve also used this one and it works for me:

CSRF_TRUSTED_ORIGINS=['http://127.0.0.1:8000']

I’m using the second, with the full http URL (this forum won’t allow me to post any kind of URLs -_- )…
I’ve tried adding that as well.
Can you see which cookie or cookie name you have? My cookie is named “csrfToken”

I have a csrftoken cookie stored in my browser, and you have csrfToken, where the T is a capital letter. Try logging in again after a hard refresh (clearing your cache and all).

Yeah, did that actually. Can you paste only your CSRF settings here?

Also, clear the cookies for localhost and refresh; Django will set csrftoken automatically.

I’ve already shared them with you.
In the middleware, the default is set:


MIDDLEWARE = [
    ...
    'django.middleware.csrf.CsrfViewMiddleware',
    ...
]

You can try this one

Just click clear and refresh

Hmm I think sessionid is what I’m lacking tbh

No, sessionid will be added once you are logged in successfully, the issue is here

Love you bro! Thanks that was indeed the issue, I’ve changed the name.
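
As an added example (not code from any poster in this thread and not part of Django): a stand-alone checker for three things visible in the settings and replies above, namely trusted origins without a scheme (required since Django 4.0), a list-valued CSRF_COOKIE_DOMAIN, and a browser cookie whose name differs in case from the one Django reads. The function `audit_csrf_settings` and the sample dicts are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

DJANGO_DEFAULT_CSRF_COOKIE_NAME = "csrftoken"  # Django's default CSRF_COOKIE_NAME


def audit_csrf_settings(settings, browser_cookie_names):
    """Return a list of findings for the CSRF settings discussed in this thread.

    `settings` is a plain dict of setting names to values (hypothetical input,
    not a Django settings object); `browser_cookie_names` are the cookie names
    shown for the site in the browser's dev tools.
    """
    findings = []

    # Django 4.0+ requires every trusted origin to include its scheme.
    for origin in settings.get("CSRF_TRUSTED_ORIGINS", []):
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append(f"CSRF_TRUSTED_ORIGINS: {origin!r} has no http(s):// scheme")

    # CSRF_COOKIE_DOMAIN must be a string such as ".example.com" or None, not a list.
    domain = settings.get("CSRF_COOKIE_DOMAIN")
    if domain is not None and not isinstance(domain, str):
        findings.append(f"CSRF_COOKIE_DOMAIN: expected str or None, got {type(domain).__name__}")

    # Cookie names are case-sensitive: the middleware reads exactly CSRF_COOKIE_NAME.
    expected = settings.get("CSRF_COOKIE_NAME", DJANGO_DEFAULT_CSRF_COOKIE_NAME)
    if expected not in browser_cookie_names:
        near = [n for n in browser_cookie_names if n.lower() == expected.lower()]
        hint = f"; found {near[0]!r}, which differs only by case" if near else ""
        findings.append(f"cookie {expected!r} not present in browser{hint}")
    return findings


# Constructed sample input mirroring the settings posted in the thread.
POSTED = {
    "CSRF_TRUSTED_ORIGINS": ["localhost:3000", "localhost:8000"],
    "CSRF_COOKIE_DOMAIN": [],
}
CORRECTED = {
    "CSRF_TRUSTED_ORIGINS": ["http://localhost:3000", "http://localhost:8000"],
    "CSRF_COOKIE_DOMAIN": None,
}

if __name__ == "__main__":
    for line in audit_csrf_settings(POSTED, ["csrfToken"]):
        print("FAIL", line)
    print(audit_csrf_settings(CORRECTED, ["csrftoken"]) or "OK")
```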