I am using Django 4.2.4 and started using the AbstractUser model for login.
It works fine locally, but when deployed to Azure it throws a 403 error with a CSRF validation error after redirecting to the same URL.
SECRET_KEY = 'django-insecure-ctozxf(#6@or3k6n35_(15#wq#q_wzv^b88djebqwgl2+0uq^$o'
DEBUG = True
ALLOWED_HOSTS = ['*']
CSRF_TRUSTED_ORIGINS = ['rallys.azurewebsites.net','https://*.127.0.0.1']
AUTH_USER_MODEL = 'home.User'
I have tried
CSRF_TRUSTED_ORIGINS = ['https://rallys.azurewebsites.net/']
CSRF_TRUSTED_ORIGINS = ['https://*.rallys.azurewebsites.net/']
I am using sqlite3 for db.
There was a similar issue just like this; you can go to the topic "CSRF verification failed. Request aborted for /admin/".
Sorry, I have looked at the topic before but am not using the API.
Could you let me know how I can simply implement it for a basic Django project?
What is the cause of the issue and the workaround?
Where can I include CSRF for the AbstractUser model?
In the above topic there was an issue with the csrftoken set in the browser's cookies. It is the same issue; read the discussions properly and you will get it.
I looked at the cookie; it was csrftoken for me.
It’s the same even after clearing it and refresh.
https://rallys.azurewebsites.net or on localhost? Have you checked on both?
Works fine on localhost.
But doesn’t work on Azure Webapp.
Also, the passwords created inside the admin panel on my local machine are not being encrypted; they are showing in plain text, unlike in another project, if that might be related?
You are using AbstractUser, right? Can you share your models, managers if any, and how you are creating users?
from django.db import models
from django.contrib.auth.models import AbstractUser
from django.core.exceptions import ValidationError
id = models.AutoField(primary_key=True)
title = models.CharField(max_length=100, blank=False)
description = models.TextField(max_length=500, blank=False, default='This is a Product..!')
bse_code = models.CharField(max_length=20)
nse_code = models.CharField(max_length=20)
You’ve got an extra trailing ‘/’ on the end of your entries in
My project is working fine on localhost but has trouble in production when the admin redirects to a different URL. I guess the https is converting into http, which I haven't provided in the trusted origins for CSRF. I have included the below code in settings and it works fine in the Azure webapp:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
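
Why the settings tried in this thread behave as they do, as an added example that is not code from the thread or from Django itself: a stdlib-only, simplified model of the Origin header check that Django 4.x applies to POST requests. The function names and the sample request are constructed, and the request assumes the proxy forwards plain HTTP to the app with X-Forwarded-Proto set, as the last post guesses.

```python
from urllib.parse import urlsplit

# Constructed request as the app sees it behind a TLS-terminating proxy:
# the proxy-to-app hop is plain HTTP, the browser's Origin is https.
PROXIED_POST = {
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "rallys.azurewebsites.net",
    "HTTP_ORIGIN": "https://rallys.azurewebsites.net",
    "HTTP_X_FORWARDED_PROTO": "https",
}
PROXY_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # value from the last post

def request_scheme(meta, proxy_ssl_header=None):
    """Scheme the app believes was used (stand-in for request.scheme)."""
    if proxy_ssl_header:
        name, secure_value = proxy_ssl_header
        value = meta.get(name)
        if value is not None:
            first = value.split(",", 1)[0].strip()
            return "https" if first == secure_value else "http"
    return meta["wsgi.url_scheme"]

def same_domain(host, pattern):
    """'.example.com' matches example.com and any subdomain of it."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def origin_verified(meta, trusted_origins, proxy_ssl_header=None):
    """Simplified model of the Origin header check for unsafe methods."""
    origin = meta["HTTP_ORIGIN"]
    scheme = request_scheme(meta, proxy_ssl_header)
    if origin == f"{scheme}://{meta['HTTP_HOST']}":
        return True  # same-origin as the app sees itself
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True  # exact string match: scheme required, no trailing slash
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            trusted = urlsplit(entry)
            if trusted.scheme == parsed.scheme and same_domain(
                parsed.netloc, trusted.netloc.lstrip("*")
            ):
                return True
    return False
```

SECURE_PROXY_SSL_HEADER should only be set when the proxy in front of the app always sets or strips X-Forwarded-Proto itself; otherwise a client can send the header and make the app treat a plain HTTP request as secure.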