0

Create Admin User Error - "CSRF verification failed. Request aborted."

asked 2011-12-06 01:02:48 -0600

william

updated 2011-12-06 08:26:56 -0600

Evgeny

I have installed a version of Askbot on my local machine (Mac OSX). It works fine, except that it won't let me log into the admin at all, so I cannot create an admin user.

I get the message "CSRF verification failed. Request aborted." when I try to log into admin/create a user profile.

I see previous threads suggest this is due to misconfiguration of CSRF_COOKIE_DOMAIN in settings.py. I have set this to 'localhost' -- this obviously is not working.

A separate thread on Django suggested I solve the problem by adding two lines to settings.py Middleware section -- this did not work either:

'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

Any suggestions for me?


3 Answers

0

answered 2011-12-06 07:21:49 -0600

Evgeny

Please put an IP address instead - the 'localhost' value won't work.

Usually you get '127.0.0.1' as the localhost IP address.


Comments

I have the same problem. I tried the localhost IP address, but the CSRF error persists. I also tried the ip that my internet provider gives me (dynamic), but no dice.

quesada ( 2011-12-11 21:14:16 -0600 )

For example, you should have: CSRF_COOKIE_DOMAIN = '127.0.0.1', without the http:// prefix and without the port number. What is in your file? Of course you need to have either the real IP address or host name, if the host is remote, but for the local host the 127.0.0.1 should work.

Evgeny ( 2011-12-11 21:18:23 -0600 )

CSRF_COOKIE_DOMAIN = '127.0.0.1' is exactly what I have, but I still get the CSRF error when a form button is pressed.

quesada ( 2011-12-12 13:57:45 -0600 )

Is that your local computer or a remote server?

Evgeny ( 2011-12-12 14:01:55 -0600 )

This is a local computer. Maybe I can use the hosts file to redirect some domain name (say test.com) to localhost, and use such domain in the CSRF_COOKIE_DOMAIN?

quesada ( 2011-12-12 15:48:31 -0600 )
1

answered 2012-03-13 10:39:59 -0600

oguma

updated 2012-03-13 10:53:08 -0600

DOMAIN_NAME = ''

CSRF_COOKIE_NAME = 'localhost_csrf'    
CSRF_COOKIE_DOMAIN = DOMAIN_NAME

If your server is running at http://127.0.0.1:8000/,
Empty string is the answer.

DOMAIN_NAME = ''


Comments

Revisiting an old issue: I was recently testing on G Chrome running on http://127.0.0.1:8000/, and getting the "CSRF verification failed" error. Initially, I had /DOMAIN_NAME = 'localhost'/, so I switched to /DOMAIN_NAME = ''/ as you point out, and the error went away. But then I switched back to /DOMAIN_NAME = 'localhost'/, and the error is not there anymore on subsequent server runs. So somewhere it seems there is a bug/feature where DOMAIN_NAME = 'localhost', will not work initially, but will work if the cookie has been set earlier by using the blank domain name (?!).

Basel Shishani ( 2012-06-15 02:10:21 -0600 )

This solution worked for me.

Cerin ( 2013-05-29 14:29:59 -0600 )
0

answered 2011-12-14 02:28:03 -0600

Basel Shishani

Sorry this is not an answer, but I can't add comments - probably not available for new users.

I'm having the exact same issue on Debian Squeeze. I get it when I follow 'Create a password-protected account' for creating the first (admin) account:

http://127.0.1.1:8000/account/signup/?login_provider=local

I installed Askbot (and django) using pip. I tried both localhost and the ip style, and tried everything mentioned above:

  • added 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

  • 'django.core.context_processors.csrf' is there.

The CSRF token is there in the form, but I notice there are two of them - is that normal ?!

<form id="signin-form" method="post" action="/account/signin/"><div style='display:none;'>
<input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
<div style='display:none'>
<input type='hidden' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>

Comments

You need to disable the middleware and leave only the context processor.

Evgeny ( 2011-12-14 06:16:40 -0600 )

Same story: Forbidden (403)

CSRF verification failed. Request aborted.

Basel Shishani ( 2011-12-15 10:35:17 -0600 )

Is this something I need to investigate at Django level? Askbot is not doing anything special with CSRF - right?!

Basel Shishani ( 2011-12-15 10:39:43 -0600 )

No, if you set up askbot following the instructions - it should work, and test with runserver first. The key is to set the CSRF_COOKIE_DOMAIN correctly. If you still have problems maybe you could let me log in to your server and check? You can also email me your settings.py file.

Evgeny ( 2011-12-15 10:49:16 -0600 )
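
Added example, not code from this thread or from Askbot or Django: a check of whether the host in the address bar matches a given CSRF_COOKIE_DOMAIN under the RFC 6265 domain-match rule, since a cookie whose Domain attribute does not match the request host is ignored and the CSRF check then has no cookie to compare against. The function names, the cookie value and the sample cases are constructed for illustration, and the public-suffix checks that browsers add are not modelled.

```python
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def set_cookie_header(name, value, domain):
    """Serialise a cookie; an empty domain emits no Domain attribute (host-only)."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    if domain:
        cookie[name]["domain"] = domain
    return cookie[name].OutputString()


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def cookie_stored(url, cookie_domain):
    """RFC 6265 5.1.3/5.3: is a cookie with this Domain kept for a response from url?"""
    host = urlsplit(url).hostname.lower()
    domain = (cookie_domain or "").lower()
    if domain.startswith("."):
        domain = domain[1:]          # a leading dot is ignored (section 5.2.3)
    if not domain or host == domain:
        return True                  # host-only cookie, or exact match
    # Suffix matching applies to host names only, never to IP addresses.
    return host.endswith("." + domain) and not is_ip(host)


# Constructed cases: (address-bar URL, CSRF_COOKIE_DOMAIN value)
CASES = [
    ("http://127.0.0.1:8000/", ""),
    ("http://127.0.0.1:8000/", "127.0.0.1"),
    ("http://127.0.0.1:8000/", "localhost"),
    ("http://localhost:8000/", "127.0.0.1"),
    ("http://127.0.1.1:8000/account/signup/?login_provider=local", "127.0.0.1"),
    ("http://127.0.1.1:8000/account/signup/?login_provider=local", ""),
]


def report():
    return [(url, dom, cookie_stored(url, dom)) for url, dom in CASES]
```

Only the empty value is stored for every address in the list, because it produces a host-only cookie bound to whatever host served the page. A host-only cookie stored that way stays in the browser after the setting is changed, which would be consistent with the behaviour described in the comment on the second answer.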


Stats

Asked: 2011-12-06 01:02:48 -0600

Seen: 5,330 times

Last updated: Mar 13 '12