48👍
Admin login normally does require a csrf token, but that’s normally all taken care of for you.
- Check your browser’s cookies to see if there is a csrf token present
- Try clearing cookies and refreshing
- If you are using Django 4.0, you may need to add this line to your settings.py file: CSRF_TRUSTED_ORIGINS = ['https://*.mydomain.com','https://*.127.0.0.1'] (making the appropriate changes). In 4.0, they started checking the origin header unlike in previous versions. Thanks to this answer for suggesting this solution.
- Check to make sure you have django.middleware.csrf.CsrfViewMiddleware in your middleware
- Check that you’re either on https or you have CSRF_COOKIE_SECURE=False (which is the default) in settings, otherwise your csrf cookie exists but won’t be sent. Purge your cookies after changing CSRF_COOKIE_SECURE.
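To show why the CSRF_TRUSTED_ORIGINS entry in the answer above changes the outcome, here is an added example (not part of the answers and not Django's own code): a simplified Python model of the Origin header check in Django 4.0+, assuming it tries a same-origin match, then exact trusted origins, then wildcard entries matched per scheme. The function names and sample hosts are constructed for illustration.

```python
from urllib.parse import urlsplit


def is_same_domain(host, pattern):
    """A pattern starting with '.' matches that domain and any subdomain of it."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def origin_verified(origin, host, is_secure, trusted_origins):
    """Simplified model (assumption) of the Origin check behind the admin 403."""
    # 1. Same origin: the Origin header must equal scheme://Host as the
    #    server sees the request (is_secure is the server's view of the scheme).
    if origin == f"{'https' if is_secure else 'http'}://{host}":
        return True
    # 2. Exact entries from CSRF_TRUSTED_ORIGINS (no wildcard).
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries: the scheme must match, then the host is compared
    #    against the entry with the leading '*' stripped ('.mydomain.com').
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" not in entry:
            continue
        trusted = urlsplit(entry)
        if trusted.scheme == parsed.scheme and is_same_domain(
            parsed.netloc, trusted.netloc.lstrip("*")
        ):
            return True
    return False


# Constructed sample: the browser is on https, but the server sees plain http
# (for example behind a TLS-terminating proxy), so step 1 cannot match.
TRUSTED = ["https://*.mydomain.com"]

if __name__ == "__main__":
    for origin in ("https://admin.mydomain.com", "https://mydomain.com",
                   "http://admin.mydomain.com", "https://notmydomain.com"):
        ok = origin_verified(origin, "backend:8000", False, TRUSTED)
        print(f"{origin:32} -> {'accepted' if ok else '403 (origin check failed)'}")
```

The scheme in each CSRF_TRUSTED_ORIGINS entry is part of the match, so an https entry does not cover an http Origin, and the wildcard only matches on a dot boundary.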
93👍
For new users facing this issue after upgrading to Django +4.0, you need to add CSRF_TRUSTED_ORIGINS=['https://*.YOUR_DOMAIN.COM'] to settings.py.
Thanks to the below answer:
5👍
This error was appearing for me when I had not set CSRF_COOKIE_DOMAIN in my settings_local but it was set in my main settings.py.
In my case I set it to the local host, e.g.
CSRF_COOKIE_DOMAIN = '127.0.0.1'
3👍
Add a csrf token to your context in the login view and in your template add in the hidden div for the csrf token. Ensure you have django.middleware.csrf.CsrfViewMiddleware in the middleware section in your settings.py.
Then add @csrf_protect to your views to do with login. It is also possible you tried to log in with incorrect credentials – you need @csrf_protect on the logout view in your app’s views.py you call on the appropriate uri for login/logout etc. in urls.py also. My logout simply calls logout(request) then calls HttpResponseRedirect('') which is probably not perfect but it does me for my needs for now.
3👍
As a security measure, I had CSRF_COOKIE_SECURE = True in my settings. Trying to log into admin via localhost where there isn’t HTTPS threw the forbidden error.
Set it to False to get it working on localhost.
1👍
This could also happen when you are already logged into your website hosted on a URL different from admin, and then try to log into your admin panel in a new tab.
Try to open the admin panel in a different window.
1👍
In my case it was solved by changing the setting:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
to
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'http')
0👍
Try opening your site in incognito mode.
There is a good chance that it could be your browser cookie; the above test will iron out that possibility.
-1👍
I used to have the same problem every time when I was using my default environment, and then using a virtual environment worked for me. It works every time. If you don’t know how to create a virtual environment, here’s how you do it:
- Just create a virtual environment in your project’s directory by running the command virtualenv theNameYouWannaGiveYourEnvironment.
- Then activate your virtual environment by using source theNameYouWannaGiveYourEnvironment/bin/activate (on Linux, I think it works for Mac OS too, but it’s different for Windows).
- After that, just install Django by pip install django and all the other requirements for your application to run.
Alternatively, you can also use Anaconda to create your virtual environment and install all your requirements. Just refer to this documentation if you wanna use anaconda: https://docs.conda.io/projects/conda/en/latest/user-guide/tasks/manage-environments.html