Why is Django admin login giving me 403 CSRF error?

情到浓时终转凉″ submitted on 2019-11-29 06:54:54

1) Do you have 'django.middleware.csrf.CsrfViewMiddleware' in your settings.MIDDLEWARE_CLASSES?

2) Are you sure you've always been on 1.2.2? That only came out last night...

I've had the same problem on Django 1.2.1 FINAL. Since I knew that Django on our production site would never be updated from 1.0 (for various reasons), I found a workaround which I implemented into my development version of settings.py, leaving the production settings.py untouched.

Create a middleware.py file in your application directory with the following code:

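class disableCSRF:
    # Development-only workaround: sets the flag that CsrfViewMiddleware
    # reads to skip its CSRF check, so every request bypasses validation.
    def process_request(self, request):
        setattr(request, '_dont_enforce_csrf_checks', True)
        return None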

Then in your development version of settings.py, insert this into MIDDLEWARE_CLASSES:

'your_app_name.middleware.disableCSRF',

Perhaps not the safest solution, but our Django site is strictly internal, so there is minimal risk of any type of malicious action. This solution is simple and doesn't involve changes to templates/views, and it worked instantly (unlike others I've tried).

Hopefully someone in a similar situation to mine will find this useful.

Credit goes to John McCollum, on whose site I found this.

According to the docs, not only do you need the csrf hidden form field, but also the csrftoken cookie. The error message you provided also suggests a missing cookie.

I would look in your browser's cookies to ensure the csrftoken cookie is present.
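
The two conditions named in the last answer can be checked without disabling CSRF protection. The following is an added example, not code from any of the answers: `diagnose_csrf` is a hypothetical helper, the sample responses are constructed, and it assumes Django's default names `csrftoken` (cookie) and `csrfmiddlewaretoken` (form field) and a first request made with no cookies.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample responses (not captured from a real site).
GOOD_HEADERS = [("Set-Cookie", "csrftoken=abc123constructed; Path=/"),
                ("Set-Cookie", "sessionid=xyz; Path=/; HttpOnly")]
GOOD_HTML = """<form method="post" action="/admin/">
<input type="hidden" name="csrfmiddlewaretoken" value="abc123constructed">
<input type="text" name="username"><input type="password" name="password">
</form>"""
NO_COOKIE_HEADERS = [("Set-Cookie", "sessionid=xyz; Path=/; HttpOnly")]
NO_FIELD_HTML = '<form method="post"><input type="text" name="username"></form>'

class _PostFormScanner(HTMLParser):
    """Records, per POST form, whether it has a csrfmiddlewaretoken input."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one bool per POST form found
        self._in_post = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_post = (a.get("method") or "get").lower() == "post"
            if self._in_post:
                self.forms.append(False)
        elif tag == "input" and self._in_post:
            if a.get("name") == "csrfmiddlewaretoken" and a.get("value"):
                self.forms[-1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_post = False

def diagnose_csrf(headers, html, cookie_name="csrftoken"):
    """Return the reasons a POST from this page would be rejected with 403."""
    problems = []
    jar = SimpleCookie()
    for name, value in headers:
        if name.lower() == "set-cookie":
            jar.load(value)
    if cookie_name not in jar or not jar[cookie_name].value:
        problems.append("missing %s cookie" % cookie_name)
    scanner = _PostFormScanner()
    scanner.feed(html)
    if not all(scanner.forms):
        problems.append("POST form without csrfmiddlewaretoken field")
    return problems
```

Feed it the response headers and body of the login page as fetched by any HTTP client; an empty list means both halves of the check are present and the cause lies elsewhere.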
