0

Create Admin User Error - "CSRF verification failed. Request aborted."
 

I have installed a version of Askbot on my local machine (Mac OSX). It works fine, except that it won't let me log into the admin at all, so I cannot create an admin user.

I get the message "CSRF verification failed. Request aborted." when I try to log into admin/create a user profile.

I see previous threads suggest this is due to misconfiguration of CSRF_COOKIE_DOMAIN in settings.py. I have set this to 'localhost' -- this obviously is not working.

A separate thread on Django suggested I solve the problem by adding two lines to settings.py Middleware section -- this did not work either:

'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

Any suggestions for me?

Evgeny's avatar
13.2k
Evgeny
updated 13 years ago
william's avatar
13
william
asked 13 years ago


3 Answers

1
DOMAIN_NAME = ''

CSRF_COOKIE_NAME = 'localhost_csrf'    
CSRF_COOKIE_DOMAIN = DOMAIN_NAME

If your server is running at http://127.0.0.1:8000/, the empty string is the answer.

DOMAIN_NAME = ''

oguma's avatar
11
oguma
answered 13 years ago, updated 13 years ago

Comments

Revisiting an old issue: I was recently testing on G Chrome running on http://127.0.0.1:8000/, and getting the "CSRF verification failed" error. Initially, I had /DOMAIN_NAME = 'localhost'/, so I switched to /DOMAIN_NAME = ''/ as you point out, and the error went away. But then I switched back to /DOMAIN_NAME = 'localhost'/, and the error is not there anymore on subsequent server runs. So somewhere it seems there is a bug/feature where DOMAIN_NAME = 'localhost', will not work initially, but will work if the cookie has been set earlier by using the blank domain name (?!).

Basel Shishani's avatar Basel Shishani (12 years ago)

This solution worked for me.

Cerin's avatar Cerin (11 years ago)
0

Please put instead an IP address - the 'localhost' value won't work.

Usually you get '127.0.0.1' as the localhost IP address.

Evgeny's avatar
13.2k
Evgeny
answered 13 years ago

Comments

I have the same problem. I tried the localhost IP address, but the CSRF error persists. I also tried the IP that my internet provider gives me (dynamic), but no dice.

quesada's avatar quesada (13 years ago)

For example, you should have: CSRF_COOKIE_DOMAIN = '127.0.0.1', without the http:// prefix and without the port number, what is in your file? Of course you need to have either the real IP address or host name, if the host is remote, but for the local host the 127.0.0.1 should work.

Evgeny's avatar Evgeny (13 years ago)

CSRF_COOKIE_DOMAIN = '127.0.0.1' is exactly what I have, but I still get the CSRF error when a form button is pressed.

quesada's avatar quesada (13 years ago)

Is that your local computer or a remote server?

Evgeny's avatar Evgeny (13 years ago)

This is a local computer. Maybe I can use the hosts file to redirect some domain name (say test.com) to localhost, and use such domain in the CSRF_COOKIE_DOMAIN?

quesada's avatar quesada (13 years ago)
0

Sorry this is not an answer, but I can't add comments - probably not available for new users.

I'm having the exact same issue on Debian Squeeze. I get it when I follow 'Create a password-protected account' for creating the first (admin) account:

http://127.0.1.1:8000/account/signup/?login_provider=local

I installed Askbot (and django) using pip. I tried both localhost and the ip style, and tried everything mentioned above:

  • added 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

  • 'django.core.context_processors.csrf' is there.

The CSRF token is there in the form, but I notice there are two of them - is that normal ?!

<form id="signin-form" method="post" action="/account/signin/"><div style='display:none;'>
<input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
<div style='display:none'>
<input type='hidden' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>

Basel Shishani's avatar
197
Basel Shishani
answered 13 years ago

Comments

You need to disable the middleware and leave only the context processor.

Evgeny's avatar Evgeny (13 years ago)

Same story: Forbidden (403)

CSRF verification failed. Request aborted.

Basel Shishani's avatar Basel Shishani (13 years ago)

Is this something I need to investigate at Django level? Askbot is not doing anything special with CSRF - right?!

Basel Shishani's avatar Basel Shishani (13 years ago)

No, if you set up askbot following the instructions - it should work, and test with runserver first. The key is to set the CSRF_COOKIE_DOMAIN correctly. If you still have problems maybe you could let me log in to your server and check? You can also email me your settings.py file.

Evgeny's avatar Evgeny (13 years ago)
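
Added example (not part of the original thread, and not Askbot or Django code): Django's CSRF middleware answers 403 to a POST when the browser does not send the CSRF cookie back, and a browser only stores and returns a cookie whose Domain attribute matches the host in the address bar. The sketch below models the RFC 6265 domain-match rule for the CSRF_COOKIE_DOMAIN values tried in this thread; `cookie_sent_back` and `legacy_dot_rule` are hypothetical names, and the flag applies the older RFC 2109 rule that rejects Domain values with no embedded dot.

```python
import ipaddress


def _is_ip(host):
    """True if host is a literal IP address rather than a host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def cookie_sent_back(request_host, cookie_domain, legacy_dot_rule=False):
    """Would a browser keep the cookie and return it to request_host?

    request_host  -- host from the address bar, without scheme or port
    cookie_domain -- the CSRF_COOKIE_DOMAIN setting; '' or None is modelled
                     as "no Domain attribute", i.e. a host-only cookie
    This models the RFC rules only; real browsers may be stricter.
    """
    host = request_host.lower()
    if not cookie_domain:
        return True                      # host-only cookie always matches its own host
    domain = cookie_domain.lower()
    if domain.startswith("."):
        domain = domain[1:]              # RFC 6265 ignores one leading dot
    if legacy_dot_rule and "." not in domain:
        return False                     # RFC 2109: single-label Domain rejected
    if host == domain:
        return True                      # identical strings match, IPs included
    # Suffix matching is defined for host names only, never for IP addresses.
    return (not _is_ip(host)) and host.endswith("." + domain)


# Constructed cases taken from the settings and URLs mentioned in the thread.
CASES = [
    ("127.0.0.1", ""),                       # empty string: host-only cookie
    ("127.0.0.1", "localhost"),              # name in settings, IP in the URL
    ("127.0.0.1", "127.0.0.1"),              # identical IP
    ("127.0.1.1", "127.0.0.1"),              # Debian-style 127.0.1.1 URL
    ("localhost", "localhost"),              # single-label domain
    ("127.0.0.1", "http://127.0.0.1:8000"),  # scheme and port left in the setting
]

if __name__ == "__main__":
    for host, domain in CASES:
        modern = cookie_sent_back(host, domain)
        legacy = cookie_sent_back(host, domain, legacy_dot_rule=True)
        print(f"host={host!r:12} domain={domain!r:26} rfc6265={modern} rfc2109={legacy}")
```

A `False` row means the cookie never reaches the server, so the token in the form has nothing to be compared against.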