For example, you should have: CSRF_COOKIE_DOMAIN = '127.0.0.1', without the http:// prefix and without the port number, what is in your file? Of course you need to have either the real IP address or host name, if the host is remote, but for the local host the 127.0.0.1 should work.
Create Admin User Error - "CSRF verification failed. Request aborted."
I have installed a version of Askbot on my local machine (Mac OSX). It works fine, except that it won't let me lot into the admin at all, so I cannot create an admin user.
I get the message "CSRF verification failed. Request aborted." when I try to log into admin/create a user profile.
I see previous threads suggest this is due to to mis-configuration of CSRF_COOKIE_DOMAIN in settings.py. I have set this to 'localhost' -- this obviously is not working.
A separate thread on Django suggested I solve the problem by adding two lines to settings.py Middleware section -- this did not work either:
'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',
Any suggestions for me?
3 Answers
Please put instead an IP address - the 'localhost' value won't work.
Usually you get '127.0.0.1' as the localhost IP address.
Comments
Sorry this is not an answer, but I can't add comments - probably not available for new users.
I'm having the exact same issue on Debian Squeeze. I get it when I follow 'Create a password-protected account' for creating the first (admin) account:
http://127.0.1.1:8000/account/signup/?login_provider=local
I Installed Askbot (and django) using pip. I tried both localhost and the ip style, and tried everything mentioned above:
added 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',
'django.core.context_processors.csrf' is there.
The CSRF token is there in the form, but I notice there are two of them - is that normal ?!
<form id="signin-form" method="post" action="/account/signin/"><div style='display:none;'>
<input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
<div style='display:none'>
<input type='hidden' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
Comments
Same story:Forbidden (403)
CSRF verification failed. Request aborted.
Basel Shishani ( 2011-12-15 10:35:17 -0500 )editIs this something I need to investigate at Django level? Askbot is not doing anything special with CSRF - right?!
Basel Shishani ( 2011-12-15 10:39:43 -0500 )editNo, if you set up askbot following the instructions - it should work, and test with runserver first. The key is to set the CSRF_COOKIE_DOMAIN correctly. If you still have problems maybe you could let me log in to your server and check? You can also email me your settings.py file.
DOMAIN_NAME = ''
CSRF_COOKIE_NAME = 'localhost_csrf'
CSRF_COOKIE_DOMAIN = DOMAIN_NAME
If your server is running at http://127.0.0.1:8000/,
Empty string is the answer.
DOMAIN_NAME = ''
Comments
Revisiting an old issue: I was recently testing on G Chrome running on http://127.0.0.1:8000/, and getting the "CSRF verification failed" error. Initially, I had /DOMAIN_NAME = 'localhost'/, so I switched to /DOMAIN_NAME = ''/ as you point out, and the error went away. But then I switched back to /DOMAIN_NAME = 'localhost'/, and the error is not there anymore on subsequent server runs. So somewhere it seems there is a bug/feature where DOMAIN_NAME = 'localhost', will not work initially, but will work if the cookie has been set earlier by using the blank domain name (?!).
Basel Shishani ( 2012-06-15 02:10:21 -0500 )editReliable Askbot Hosting
Create your Q&A site at askbot.com. Managed Askbot hosting at just $15/mo. Dedicated hosting, support contracts, consulting services.
create your Q&A site30 days free trial
Stats
Asked: 2011-12-06 01:02:48 -0500
Seen: 656 times
Last updated: Mar 13 '12
