I tried to find a solution to my problem for 4 days, but it didn’t work
Problem: when I set the set_cookie, the file does not appear in my browser cookies (I assume there is a problem with setting up the CSRF token), but I seem to have already tried everything they wrote (disable the CSRF check, change the suggested settings in the settings)
My view code:
from django.shortcuts import render
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from django.views.decorators.csrf import csrf_protect
@csrf_protect
def update(request):
if request.method == "POST":
response=HttpResponse()
response.set_cookie("any_name", "any_data", max_age=6900)
return response
My settings code (I tried what was commented out):
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
CSRF_COOKIE_SAMESITE = 'Strict'
# CSRF_TRUSTED_ORIGINS = ['http://localhost:8501',
# 'http://127.0.0.1:8000',
# 'https://localhost:8501',
# 'https://127.0.0.1:8000',
# 'https://*.localhost:8501',
# 'https://*.127.0.0.1:8000',
# ]
# CORS_ALLOW_CREDENTIALS = True
# CORS_ALLOWED_ORIGINS = [
# 'http://127.0.0.1:8000',
# 'https://localhost:8501',
# 'https://127.0.0.1:8000',
# 'https://*.localhost:8501',
# 'https://*.127.0.0.1:8000',
# ]
MIDDLEWARE = [
"django.middleware.csrf.CsrfViewMiddleware",
# 'WebTableEditor.utils.DisableCSRF',
"django.middleware.security.SecurityMiddleware",
"django.contrib.sessions.middleware.SessionMiddleware",
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware",
"django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
]
url(maybe needed):
urlpatterns = [
path("admin/", admin.site.urls),
path('api/', include('WebTableEditor.api.urls')),
path('update/', update),
path('streamlit/', TemplateView.as_view(template_name='streamlit.html')),
]