Django 403 CSRF forbidden

The following error message:

Forbidden (403)
CSRF verification failed. Request aborted
More information is available with DEBUG=True

Might occur if you are using an apache / nginx running behind another Apache as a proxy.
To read more about CSRF go to wikipedia. It is basically an interception of a session exploiting the trust a browser has to a site.

So it is an security feature, that is interfered by the proxy.
You have most likely something like:

ProxyPass / https://$yourhost/
ProxyPassReverse / https://$yourhost/

In your apache config. That needs to be extended to:

ProxyPass / https://$yourhost/
ProxyPassReverse / https://$yourhost/
ProxyPreserveHost On

Quote from apache doc:

When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.

This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.