djangodjango-modelsdjango-csrfcsrf-token

Django Forbidden (403) CSRF verification failed. Request aborted

So I did a deployment to my project and after I got HTTPS to my web, Django shows me this error now: enter image description here

it happens after my login page: login.html

{% load i18n static bootstrap4 %}

<!DOCTYPE html>
<html>

<head>

    <link rel="stylesheet" href="{% static 'web_site/css/login.css' %}" />
    <script src="https://code.jquery.com/jquery-3.6.0.min.js"
        integrity="sha256-/xUj+3OJU5yExlq6GSYGSHk7tPXikynS7ogEvDej/m4=" crossorigin="anonymous"></script>
    <script src="{% static 'web_site/js/login.js' %}"></script>

</head>
<body>

    <div class="wrapper">

        <div class="container">

            <h1>Welcome</h1>


            {% if context %}
            <ul class="messages">

                <li class="error">{{ context }}</li>

            </ul>
            {% endif %}
            <form class="form" action="" method="post">
                {% csrf_token %}
               {% bootstrap_form form %}
                <button type="submit" id="login-button">Login</button>

            </form>

        </div>

        <ul class="bg-bubbles">
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
            <li></li>
        </ul>

    </div>

</body>
</html>

In my views.py i already have: return render(request, "web_site\my_profile.html", {"cool": p}) and after form tad the csrf_token

my views.py:

from django import template
from django.contrib import messages
from django.contrib.auth import authenticate
from django.contrib.auth import login as auth_login
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import ContentType, Permission, User
from django.shortcuts import render
from django.urls import resolve
from django.views.generic import TemplateView
from django.contrib.auth.mixins import LoginRequiredMixin

from .forms import FileForm


class HomeView(LoginRequiredMixin, TemplateView):
    template_name = "web_site/home.html"


@login_required
def profile(request):
    p = Permission.objects.filter(user=request.user)
    return render(request, "web_site\my_profile.html", {"cool": p})


def upload_file(request):
    if request.method == "POST":
        form = FileForm(request.POST, request.FILES)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect("/")
    else:
        form = FileForm()

    return render(request, "web_site/file.html", {"form": form})


@login_required
def list_app_tables(request):

    p = Permission.objects.filter(user=request.user)
    return render(request, "web_site\list_table_link.html", {"list": p})

What should I do?

TNX guys

Solution

  • After I tried many options, I found the correct one. In setting.py need to add

    CSRF_TRUSTED_ORIGINS = ['https://your-domain.com']

    It's working now! I hope it gonna help others.