I’m having a problem with a Django 4.0 backend in debug mode where I use session auth with a CSRF token.
I use wildcard subdomains:
```python
CSRF_TRUSTED_ORIGINS = ["http://*.local.lab:8080"]
ALLOWED_HOSTS = [".local.lab"]
CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOW_CREDENTIALS = True
CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_SECURE = False
SESSION_COOKIE_HTTPONLY = True
```
When I’m accessing the app on http://local.lab:8080, the CSRF token is sent and set in browser storage, and all works as intended.
When I’m accessing the app with any other URL combination, i.e. http://www.local.lab:8080 or http://subdomain.local.lab:8080, the CSRF request comes back with the correct cookie, but the cookie is never set in the browser’s storage, and that prevents me from creating the x-csrf token and making any POST requests.
I’m testing everything on a local domain where I mapped my local IP to the domain local.lab with the help of the tool dnsmasq.
What am I doing wrong here?