I have just migrated after having django-registration to Django-userena just because it is more maintained and after setting everything up and I try to make a test account, I am prompted with the following 403 message:
Forbidden (403) CSRF verification failed.
CSRF token missing or incorrect.
Any ideas on how to fix this or where I can find the files to Django-userena to investigate?
Any help would be nice.
make sure that you have {% csrf_token %} inside the <form></form> tags, in template where user creation form located.
if you are using virtualenv, files to Django-userena should be in
{your environment}/lib/python*/site-packages/userena
Related
I'm reconfiguring my CDN and I want to begin caching pages that use csrf tokens for form submission. Currently, I'm submitting the csrf token with javascript in a post request with:
axios.defaults.headers.post['X-CSRFToken'] = getCookie('csrftoken')
This works pretty well locally and allowed me to remove the csrf tokens from the templates.
This obviously will not work if I'm accessing cached pages from the CDN. So is it possible for me to fetch a csrf token from the server using Axios and subsequently set it in a post request? If so how do I do this?
An alternative approach would be to disable csrf which I tried already but I couldn't fully disable it. If you are signed into admin csrf protection is automatically enabled even on your frontend forms, I couldn't figure out how to remove this not sure if it's a wagtail or django thing.
I'm using Django 2.2 + Wagtail 2.11.
I'm trying to run this library. I downloaded and copied it on my desktop, then i tried to run it using:
py -3.7 manage.py runserver
I got:
Starting development server at http://127.0.0.1:8000/
Quit the server with CTRL-BREAK.
But when i go to that url i keep getting this error:
Page not found (404)
Request Method: GET
Request URL: http://127.0.0.1:8000/
Using the URLconf defined in django_google_authenticator.urls, Django tried these URL patterns, in this order:
^admin/login/$
^admin/
The empty path didn't match any of these.
I don't understand what's wrong, can someone help me? Thanks in advance!
I think thats the normal behavour of Django, as you can see it is saying that your path didn't match any of the configured ones, like admin, so why don't you try http://127.0.0.1:8000/admin/to access Django Admin login page.
If you want to see something different from a 404 with the base url you need to configure your urls and maybe add a redirect view, in that way when the base url is use it will redirect to your admin or other preferred page.
I am producing a django/angular project. Django being the backend administration and Angular being the frontend/public display. I have created a Django 1.11 app and loaded all files, installed dependencies, etc. Locally, the site works fine and as expected. Also, since forms will be Angular js I commented out the django.middleware.csrf.CsrfViewMiddleware in my settings.py which I thought would disable the csrf token even being needed, but apparently not.
After setting up server and installing files the admin login page appears but I get the following error when I try and login:
Forbidden (CSRF token missing or incorrect.): /admin/login/
Any ideas on why this is happening would be greatly appreciated.
You can't commented out the 'django.middleware.csrf.CsrfViewMiddleware' in your settings.py, The CSRF middleware provides easy-to-use protection against Cross Site Request Forgeries. Since you are using Augualr js instead of django forms and views, you can set the csrftoken cookie in your browser cookies. Check this for detail: https://docs.djangoproject.com/en/1.11/ref/csrf/#module-django.middleware.csrf
I am experimenting with adding an anchor tag in the file "course_outline.html" in the template folder of cms. I want the user to be redirected to another page on clicking this. For experimentation I am doing <a href="<% url upload_transcripts %>".. >.( Note that upload_transcripts is already defined in urls.py in the cms folder as url(r'^transcripts/upload$', 'contentstore.views.upload_transcripts', name='upload_transcripts')
)
This is giving an error. In particular the error page saying 'The studio servers encountered an error' and nothing else. Note that I have already tried <a href="{% url upload_transcripts %}" .. > with no success . Can someone help with this ?
Environment: Devstack version in Ubuntu 12.04
open-edx is using mako templating its syntax is diffrent from jinja templating , the error occured to you will be a syntax error.
You can use reverse function in django urlresolvers
try this
${_('Redirect')}.
dont forget to import it in your html
from django.core.urlresolvers import reverse
I ended up created a new views.py and editing the urls.py. This seems to have solved my problem.
I'm trying to use my 403, 404, 500 custom templates in Django 1.5 .
404 and 500 work perfectly, but 403 still showing me the built-in Django 403 template.
I put all three templates in the root template directory in my project.
They are named : 403.html, 404.html, 500.html
I also tried using:
urls.py:
from django.utils.functional import curry
handler403 = curry(permission_denied, template_name='403.html')
and also:
urls.py:
handler403 = 'proj_name.views.my_custom_permission_denied_view'
proj_name/views.py
def my_custom_permission_denied_view(request):
return ethoos_response('403.html', None, request)
Both methods do not work. Also in 404 and 500 I use none of these methods, just the templates inside the template directory, and they are shown.
All three suppose to work the same way according to Django's documentation.
https://docs.djangoproject.com/en/1.5/topics/http/views/#the-403-http-forbidden-view
I have no idea why only 403 doesn't.
Thanks.
For regular 403 permission denied pages, creating the 403.html template should work.
However, for CSRF errors (which also return status code 403), you should create a 403_csrf.html template instead.
Creating a 403_csrf.html template works in Django 1.10+. For earlier versions, you had to change the CSRF_FAILURE_VIEW setting to the view you want to use.
See the CSRF docs for more info.
There was a discussion about why the CSRF failure view behaves differently in the Django-developers mailing list this week.
You need to use 403_csrf.html.