Django CSRF error

django

#1

Hi,

I just attempted cloning a known working state of a django application from GitHub, that I also know is working on another similar IDE environment and on a local VM dev environment. When I run the django app on c9, and attempt to create an account and verify the email, I am presented with a CSRF error.

I can see that the template has passed my browser the CSRF cookie, but I’m still getting the error for reasons unknown to me. I do not have this problem with this same exact code in any of my other dev envrionments or in production(heroku).

All of my form templates have the csrf tag set correctly, and csrf middleware is enabled in django settings.


#2

Any help here would be appreciated. I actually have started paying for a nitrous.io account instead of cloud9 because of two issues now on c9 that stop my development before I can even begin.


#3

I too would be interested in knowing how to go about fixing this issue. I set up a project a few days ago.

I am using the generic class based views for my forms which should be handling CSRF tokens. But I am mainly getting this error while logged into Djangos backend admin area in both HTTPS and HTTP. Most of the time it happens either trying to log in as admin, or while trying to perform some operation on models such as Adding, Editing, or Deleting an entry.

Each time it occurs I generally have to close my browser completely then reopen the site, log back in and I can do my adds, edits or deletes until it errors out again. I am going to try to troubleshoot what I can based on what I click and actions taken before up until the error.


#4

I am finding that this seems to only be an issue when I am using Chrome.

Firefox worked fine without an error the entire time.

I believe this is relevant to the issue.

https://code.djangoproject.com/ticket/24492


#5

I found that setting the following setting in the settings.py or depending on your set up it may be development.py if you are using an environment based set up.

The following works as a work around for my issue with CSRF errors in Chrome. Instead of using cookies first it will store sessions.

MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'

Of course after this is set, if you already have a corrupted browsing session, you will need to clear your cookie and sessions otherwise you will continue to get the CSRF errors.

I tried this after reading through this section of the Django Docs.

Django Docs Message Engine


#6

Using Firefox instead of Chrome does seems to resolve the issue. I had originally only tried IE as an alternative and got the same error there as well.

I did not try the other suggested Chrome work around.

This does not really explain though why previewing the dev server in other cloud IDEs works without this issue. This only seems to happen on Cloud9.


#7

Have you been able to work around this? I’m facing the same issue.


#8

Using Firefox has been the only workaround I’ve discovered for cloud9 so far. This issue does not seem to happen at all with Firefox, which is strange because I dont have this error with other cloud IDEs using other browsers.


#9

I’m also having this problem. marine’s workaround doesn’t seem to work for me.


#10

If you’re seeing the issue in FireFox, try deleting your cookies for the site you’re working on. That has worked for me. Hit the lock icon by the address bar > click the right arrow > click more information > click view cookies > click Remove All.