Discussion:
Forbidden (CSRF token missing or incorrect.)
Rabah Saadi
2018-11-21 10:32:34 UTC
Hello,

I've been using Django 2.2Dev for a while now, since April 2018, and it is
working just fine (I have my reasons for using Django Dev). But since the last
git pull, it shows the CSRF token missing on every page that has a form with a
CSRF token.

Is something broken or ...? My Django-2.2Dev was working just fine before the
last "git pull".

PS: Downgrading to Django 2.1.3 stable works fine too.

Thank you.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a9561d58-4d38-4753-b78a-893fd3f38b71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jason
2018-11-21 16:42:43 UTC
Sounds like you really should post this to the django-developers user group
or the project bug tracker as a regression report.
Gear Crew
2018-11-21 17:24:53 UTC
Send us a screenshot of the issue.
Rabah Saadi
2018-11-24 13:07:01 UTC
Here are the screenshots:
---------------------------------

(hellops-G3NgZpUh) ***@Pavilion:~/dev/hellops$ python manage.py runserver
Performing system checks


System check identified no issues (0 silenced).
November 24, 2018 - 12:52:56
Django version 2.2.dev20181124001902, using settings 'hellops.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[24/Nov/2018 12:53:01] "GET /static/assets/app/media/img/misc/user_profile_bg.jpg HTTP/1.1" 200 8192
[24/Nov/2018 12:53:02] "GET /accounts/logout/ HTTP/1.1" 302 0
[24/Nov/2018 12:53:02] "GET /accounts/login/ HTTP/1.1" 200 9208
[24/Nov/2018 12:53:02] "GET /static/assets/app/media/img/logos/logo-1.png HTTP/1.1" 200 3475
[24/Nov/2018 12:53:05] "POST /accounts/login/ HTTP/1.1" 302 0
[24/Nov/2018 12:53:05] "GET /dashboard/ HTTP/1.1" 200 233576
[24/Nov/2018 12:53:06] "GET /static/assets/vendors/custom/fullcalendar/fullcalendar.bundle.css HTTP/1.1" 200 8192
[24/Nov/2018 12:53:06] "GET /static/hellops-logos/x48/Peugeot-logo-x48.png HTTP/1.1" 200 5256
[24/Nov/2018 12:53:06] "GET /static/hellops-logos/x48/Volkswagen-logo-x48.png HTTP/1.1" 200 5465
[24/Nov/2018 12:53:06] "GET /static/hellops-logos/x48/Renault-logo-x48.png HTTP/1.1" 200 3717
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/blog/blog1.jpg HTTP/1.1" 200 88643
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/user1.jpg HTTP/1.1" 200 8583
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/user5.jpg HTTP/1.1" 200 9674
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/user4.jpg HTTP/1.1" 200 8627
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/100_4.jpg HTTP/1.1" 200 11984
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/100_11.jpg HTTP/1.1" 200 14410
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/100_13.jpg HTTP/1.1" 200 17908
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/users/100_14.jpg HTTP/1.1" 200 17255
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/products/product6.jpg HTTP/1.1" 200 255923
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/products/product11.jpg HTTP/1.1" 200 171862
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo1.png HTTP/1.1" 200 3392
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo2.png HTTP/1.1" 200 4231
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo3.png HTTP/1.1" 200 3405
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo5.png HTTP/1.1" 200 3051
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/client-logos/logo4.png HTTP/1.1" 200 5461
[24/Nov/2018 12:53:06] "GET /static/assets/app/media/img/products/product10.jpg HTTP/1.1" 200 8192
[24/Nov/2018 12:53:07] "POST /dashboard/inc/api/datatables/demos/default.php HTTP/1.1" 404 3925
Forbidden (CSRF token missing or incorrect.): /vehicule/create/
[24/Nov/2018 12:53:08] "pagination%5Bpage%5D=1&pagination%5Bperpage%5D=10&sort%5Bsort%5D=asc&sort%5Bfield%5D=OrderID&query=GET /vehicule/create/ HTTP/1.1" 403 2536

--------
The last line was in red.
And the browser output is:
------------------------------------
Forbidden (403)

CSRF verification failed. Request aborted.
Help

Reason given for failure:

CSRF token missing or incorrect.


In general, this can occur when there is a genuine Cross Site Request
Forgery, or when Django's CSRF mechanism
<https://docs.djangoproject.com/en/dev/ref/csrf/> has not been used
correctly. For POST forms, you need to ensure:

- Your browser is accepting cookies.
- The view function passes a request to the template's render
<https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render>
method.
- In the template, there is a {% csrf_token %} template tag inside each
POST form that targets an internal URL.
- If you are not using CsrfViewMiddleware, then you must use csrf_protect
on any views that use the csrf_token template tag, as well as those that
accept the POST data.
- The form has a valid CSRF token. After logging in in another browser
tab or hitting the back button after a login, you may need to reload the
page with the form, because the token is rotated after a login.

You're seeing the help section of this page because you have DEBUG = True
in your Django settings file. Change that to False, and only the initial
error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.
-------------------------------------

Any idea?

Thank you so much, guys.
Rabah Saadi
2018-11-28 13:38:21 UTC
Any clue, guys? Please.
Andreas Schosser
2018-11-29 13:14:07 UTC
Hi Rabah,

I encountered a similar problem today and could pin it to the setting
"CSRF_COOKIE_SECURE = True". I don't use https on my development
machines so the cookie is not set. Changing the value to
"CSRF_COOKIE_SECURE = False" in my local settings solved it.

You may check how you access your sites: by http or https.

Greetings,
Andreas
Zach
2018-11-29 16:58:11 UTC
When using the development server over HTTP, don't set these values:
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
Rabah Saadi
2018-12-02 08:08:06 UTC
Hi guys.

Thank you for the answers. I forgot to tell you that I hit the server in
development and it is http (local).

I did put these parameters in my settings.py:

CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False

But it keeps displaying the same message:

Forbidden (CSRF token missing or incorrect.): /vehicule/
[02/Dec/2018 08:03:10] "pagination%5Bpage%5D=1&pagination%5Bperpage%5D=10&sort%5Bsort%5D=asc&sort%5Bfield%5D=OrderID&query=GET /vehicule/ HTTP/1.1" 403 2536


But it displays it just once this time, after I pulled the latest Django Dev
from GitHub. This happens after I log in and click on any page that has a
CSRF: it displays a 403 page. After I refresh or reload the browser,
everything works fine; you can click on whatever you want and it will work
fine.

So now it happens just one time after logging in.

I'm using the built-in logging Django machinery (Views and URLs), not even
my own views to manage logging.

Thank you guys.
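
Both 403 entries in the logs posted above have a request line that starts with URL-encoded form parameters instead of an HTTP method. As an added example (not code from the thread or from Django), the script below scans runserver output for such entries and pairs each with the preceding "Forbidden" line; the regexes, function name and field names are assumptions, and the sample is copied from the 24 Nov post with mail line-wrapping undone.

```python
import re

# Methods Django's CsrfViewMiddleware treats as safe (no token check is done).
CSRF_SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
KNOWN_METHODS = CSRF_SAFE_METHODS | {"POST", "PUT", "PATCH", "DELETE", "CONNECT"}

# runserver access line: [timestamp] "request line" status size
ACCESS_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+"(?P<request>.*)"\s+(?P<status>\d{3})\s+\d+$')
FORBIDDEN_RE = re.compile(r'^Forbidden \((?P<reason>.*)\): (?P<path>\S+)$')

# Constructed sample: lines taken from the post above, de-wrapped.
SAMPLE_LOG = """\
[24/Nov/2018 12:53:05] "POST /accounts/login/ HTTP/1.1" 302 0
[24/Nov/2018 12:53:05] "GET /dashboard/ HTTP/1.1" 200 233576
[24/Nov/2018 12:53:07] "POST /dashboard/inc/api/datatables/demos/default.php HTTP/1.1" 404 3925
Forbidden (CSRF token missing or incorrect.): /vehicule/create/
[24/Nov/2018 12:53:08] "pagination%5Bpage%5D=1&pagination%5Bperpage%5D=10&sort%5Bsort%5D=asc&sort%5Bfield%5D=OrderID&query=GET /vehicule/create/ HTTP/1.1" 403 2536
"""

def find_malformed_requests(log_text):
    """Return access-log entries whose method token is not a known HTTP method."""
    findings = []
    pending_reason = None  # reason from a "Forbidden (...)" line awaiting its access line
    previous = None        # request line of the previous access entry, kept for context
    for line in log_text.splitlines():
        forbidden = FORBIDDEN_RE.match(line)
        if forbidden:
            pending_reason = forbidden.group("reason")
            continue
        access = ACCESS_RE.match(line)
        if not access:
            continue
        method, _, rest = access.group("request").partition(" ")
        if method not in KNOWN_METHODS:
            findings.append({
                "timestamp": access.group("ts"),
                "method_token": method,
                "target": rest.split(" ")[0],
                "status": int(access.group("status")),
                "csrf_checked": method not in CSRF_SAFE_METHODS,
                "forbidden_reason": pending_reason,
                "previous_request": previous,
            })
        previous = access.group("request")
        pending_reason = None
    return findings

if __name__ == "__main__":
    print(find_malformed_requests(SAMPLE_LOG))
```

A method token that is not GET, HEAD, OPTIONS or TRACE goes through the CSRF check, which is why a request the browser sent as a plain page load can still end in "CSRF token missing or incorrect".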