"Forbidden (403): CSRF verification failed. Request aborted." error encountered in production

I’ve been trying to deploy my real-time chat application on Render using a Supabase database for the past two days, but I keep encountering the same error (image below).

The application works perfectly on localhost, both with the standard python3 manage.py runserver command and with Daphne daphne -b 0.0.0.0 main.asgi:application, which I’m using for deployment. There are no errors in either case when running locally.

For context, the live website successfully loads the login and registration pages, but the error occurs after I try to proceed past them. I have also ensured that the CSRF token is included in every form, as you can see in the source code. I don’t believe the issue is with the database, as I can see new records being created in supabase. I suspect the problem might be related to WebSocket functionality.

Source Code: GitHub - KafetzisThomas/Chatterbox: Enables real-time chat conversations among users.
Live site: https://chatterbox-demo.onrender.com

Error on render dashboard:
Forbidden (Origin checking failed - https://chatterbox-demo.onrender.com does not match any trusted origins.): /user/login/

Error screenshot:


Notice what the error message is telling you:

In looking at your code, I do not see an entry for CSRF_TRUSTED_ORIGINS in your settings file. You probably want to add a setting like CSRF_TRUSTED_ORIGINS = ['https://chatterbox-demo.onrender.com'] in your settings.

You can also find more details at Cross Site Request Forgery protection | Django documentation | Django.


I switched the branch from main to a new deployment branch through the dashboard settings to avoid affecting the main branch. You can check here to see that I’ve also added an entry for CSRF_TRUSTED_ORIGINS. However, the issue still occurs.

What is the error you are currently getting from the server? (I’m looking for the message from the server, not what is displayed in the browser.)

This is the error I’m getting from the server:
Forbidden (Origin checking failed - https://chatterbox-demo.onrender.com does not match any trusted origins.): /user/login/

Is there a way you can verify that you have deployed your “deployment” branch and that you’re not still running “main”?

Yes, from the project settings:

Have there been any new insights or suggestions on how to fix it?

Nothing solid. You could try, as a debugging step, to add 'https://*.onrender.com' to that list to see if that works. Otherwise, I’d look for some other mechanism to verify that what you think you have deployed is what’s actually running.
I’ve never encountered a situation where that setting doesn’t work, and in looking through the code, I’m not sure I see a way that it could fail.
(I’ve never used Render, I don’t know anything about it, nor how it manages deployments, so I have no idea what you can check.)

I’ll keep looking for a solution. Thank you for taking the time to help me with this issue.


I think you send the POST request without a CSRF token.

Send the CSRF token in the POST request.

Or exempt CSRF.


I figured out my issue with CSRF_TRUSTED_ORIGINS. I had accidentally set it multiple times, which was overriding the previous settings. Once I removed the duplicates, everything worked fine.

You can see the fix here: Update settings.py · KafetzisThomas/Chatterbox@97935ca · GitHub

Hope this helps someone else!

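Added example covering the two points this thread turns on: how an Origin header is matched against CSRF_TRUSTED_ORIGINS (exact entry or `https://*.onrender.com` wildcard, scheme-sensitive), and a check that finds the duplicate assignment that made a correctly added entry disappear. This is not code from the Chatterbox project or from Django; `origin_is_trusted` is a simplified model of Django's middleware check, and the settings excerpts are constructed.

```python
import ast
from urllib.parse import urlsplit


def origin_is_trusted(request_origin: str, trusted_origins: list[str]) -> bool:
    """True if an Origin header value matches CSRF_TRUSTED_ORIGINS.

    Exact entries ('https://chatterbox-demo.onrender.com') must match scheme
    and host; wildcard entries ('https://*.onrender.com') match any subdomain
    but only for the same scheme, so http:// never satisfies an https:// entry.
    """
    exact = {o for o in trusted_origins if "*" not in urlsplit(o).netloc}
    if request_origin in exact:
        return True
    wildcards: dict[str, list[str]] = {}  # scheme -> ['.onrender.com', ...]
    for o in trusted_origins:
        parts = urlsplit(o)
        if "*" in parts.netloc:
            wildcards.setdefault(parts.scheme, []).append(parts.netloc.lstrip("*"))
    try:
        req = urlsplit(request_origin)
    except ValueError:
        return False
    host = req.netloc.lower()
    return any(host == s.lstrip(".") or host.endswith(s)
               for s in wildcards.get(req.scheme, ()))


def duplicate_assignments(settings_source: str, name: str) -> list[int]:
    """Line numbers of every module-level assignment to `name`; more than one
    means the last one silently replaces the earlier ones."""
    return [node.lineno for node in ast.parse(settings_source).body
            if isinstance(node, ast.Assign)
            and any(isinstance(t, ast.Name) and t.id == name for t in node.targets)]


def effective_trust(settings_source: str, origin: str) -> bool:
    """Evaluate a settings excerpt as Python does and test `origin` against it."""
    ns: dict = {}
    exec(settings_source, ns)  # settings.py is plain Python: last assignment wins
    return origin_is_trusted(origin, ns.get("CSRF_TRUSTED_ORIGINS", []))


# Constructed settings excerpt (not the project's real file) reproducing the
# thread's failure: the second assignment wins and the Render origin is lost.
BROKEN_SETTINGS = """
CSRF_TRUSTED_ORIGINS = ['https://chatterbox-demo.onrender.com']
DEBUG = False
CSRF_TRUSTED_ORIGINS = ['http://localhost:8000']
"""
FIXED_SETTINGS = "CSRF_TRUSTED_ORIGINS = ['https://chatterbox-demo.onrender.com']\n"
```

Running `duplicate_assignments` over a real settings.py is a quick sanity check before chasing the deployment platform: any setting listed twice is worth a look, not just this one.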