Question
I have a working login template that does a post and looks like:
<form action="" method="post">
{% csrf_token %}
<br>
{{form.email}}
<div class="text-center">
<button type="submit">Login</button>
</div>
</form>
My SSL settings look like:
# ssl
SECURE_SSL_REDIRECT = False
SECURE_HSTS_SECONDS = 3600
SESSION_COOKIE_SECURE = False
SECURE_PROXY_SSL_HEADER = None
CSRF_COOKIE_SECURE = False
I made two changes. I switched to an AWS EC2 Elastic Load Balancer and from HTTPS to HTTP.
Now I am getting an error:
Forbidden (403) CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.
Does anyone know why this is occurring?
Answer 1:
I must have a stale cookie. When I go to Chrome incognito mode, all works as I would expect with a 200 response.
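One way a stale cookie can produce this 403 after moving from HTTPS to HTTP, shown as an added example that is not part of the original answer. It assumes the earlier HTTPS deployment issued csrftoken with the Secure attribute (the page does not show the old settings); the Jar class, token values and status codes are a constructed model of browser cookie rules, not Django or browser code.

```python
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    secure: bool


class Jar:
    """Constructed model of a browser cookie jar for a single host."""

    def __init__(self):
        self.cookies = {}

    def store(self, scheme, cookie):
        """Apply a Set-Cookie received over `scheme`; return True if kept."""
        existing = self.cookies.get(cookie.name)
        if scheme == "http":
            if cookie.secure:
                return False  # an insecure origin may not set Secure cookies
            if existing is not None and existing.secure:
                return False  # nor overwrite a Secure cookie already stored
        self.cookies[cookie.name] = cookie
        return True

    def header(self, scheme):
        """Cookies the browser attaches to a request sent over `scheme`."""
        return {c.name: c.value for c in self.cookies.values()
                if scheme == "https" or not c.secure}


def post_login(jar, scheme):
    """GET the form (server sets csrftoken), then POST it; return the status."""
    jar.store(scheme, Cookie("csrftoken", "new-token", secure=False))
    sent = jar.header(scheme)
    # With no csrftoken cookie on the POST, the CSRF check fails with 403.
    return 200 if "csrftoken" in sent else 403


def demo():
    """Stale profile (Secure cookie from the HTTPS era) vs. a fresh profile."""
    stale = Jar()
    stale.store("https", Cookie("csrftoken", "old-token", secure=True))
    fresh = Jar()  # what an incognito window starts with
    return post_login(stale, "http"), post_login(fresh, "http")


if __name__ == "__main__":
    print(demo())
```

Deleting the site's cookies in the normal profile has the same effect as the incognito window: the jar starts empty and the new non-Secure cookie is accepted.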
Answer 2:
Forbidden (403) CSRF verification failed. Request aborted.
You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.
More information is available with DEBUG=True.
Source: https://stackoverflow.com/questions/48468640/django-posts-receive-csrf-verification-failed-after-switching-to-load-balancer