Django admin site logging in error: CSRF verification failed. Request aborted

When I try to log in to Django admin site I get the following error:

CSRF verification failed. Request aborted. You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties. If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for “same-origin” requests.

I’m using Django 4.2.5. I can log in on my local machine. However, I can’t log in to the site running on the server. I have added the following settings to my settings.py file:

CSRF_TRUSTED_ORIGINS = ["https://*.mydomain.ir","http://*.mydomain.ir","http://127.0.0.1","http://localhost","http://127.0.0.1:8000"]
SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_DOMAIN = None
CSRF_COOKIE_DOMAIN = 'mydomain.ir'
if os.environ.get("IS_SERVER", "False") == "True":
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
ALLOWED_HOSTS = ["*"]
CORS_ALLOW_HEADERS = ['*']
SESSION_COOKIE_HTTPONLY = False
CORS_ALLOW_ALL_ORIGINS = True
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'

I’m using Nginx and Gunicorn. Here’s my Nginx config file:

server {
  server_name               api.mydomain.ir;
  listen                    80;
  location / {
    proxy_pass              http://127.0.0.1:8000;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto https;
  }
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/mydomain.ir/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/mydomain.ir/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

I have tried clearing the browser’s cache, but it didn’t work. I’m also using Django Rest Framework:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.TokenAuthentication',
    ],
}

Are you issuing this request through DRF?

Are you doing a GET before the POST to retrieve the csrf token and cookie?
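
The error text says the browser did not send a CSRF cookie, so one thing worth checking is whether the browser would keep the cookie that the GET sets. The sketch below is an added example, not code from the thread or from Django: it applies three browser cookie rules (SameSite=None requires Secure, Secure cookies need HTTPS, Domain must match the host) to the CSRF cookie settings posted in the question. The function name, the problem labels and the simplified rules are assumptions of this example.

```python
# Added example: would a browser store/send Django's csrftoken cookie?
# csrf_cookie_problems() and its labels are hypothetical names, not a Django API.

LOOPBACK = {"localhost", "127.0.0.1"}  # browsers differ on Secure cookies here


def csrf_cookie_problems(settings, scheme, host):
    """Return labels for browser rules the CSRF cookie would violate.

    settings: dict of Django setting names (missing keys use Django defaults).
    scheme, host: how the browser reaches the site, e.g. ("https", "api.mydomain.ir").
    """
    secure = settings.get("CSRF_COOKIE_SECURE", False)      # Django default
    samesite = settings.get("CSRF_COOKIE_SAMESITE", "Lax")  # Django default
    domain = settings.get("CSRF_COOKIE_DOMAIN")             # Django default: None
    host = host.lower()
    problems = []

    # Browsers reject a SameSite=None cookie that lacks the Secure attribute.
    if isinstance(samesite, str) and samesite.lower() == "none" and not secure:
        problems.append("samesite-none-without-secure")

    # A Secure cookie is not accepted over plain HTTP (loopback not modelled).
    if secure and scheme == "http" and host not in LOOPBACK:
        problems.append("secure-cookie-over-http")

    # The Domain attribute must be the request host or a parent domain of it.
    if domain:
        d = domain.lstrip(".").lower()
        if host != d and not host.endswith("." + d):
            problems.append("domain-mismatch")

    return problems


# CSRF cookie settings as posted in the question (CSRF_COOKIE_SECURE is unset).
POSTED = {"CSRF_COOKIE_SAMESITE": "None", "CSRF_COOKIE_DOMAIN": "mydomain.ir"}

if __name__ == "__main__":
    for scheme, host in [("https", "api.mydomain.ir"), ("http", "127.0.0.1")]:
        print(scheme, host, csrf_cookie_problems(POSTED, scheme, host))
```

With the posted values the HTTPS server case reports the SameSite=None rule, and adding `CSRF_COOKIE_SECURE = True` clears it in this model.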