I have literally set this up today just to prove that it happens for every Django project setup!!!
So this is my settings : """ Django settings for DjangoTest project. Generated by 'django-admin startproject' using Django 4.1.7. For more information on this file, see https://docs.djangoproject.com/en/4.1/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.1/ref/settings/ """ from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'django-insecure-zb-=l4$q!2t@wjwt!@cp#rz=16v0l)#uai#7h(u4n8eie@ddt%' # SECURITY WARNING: don't run with debug turned on in production! DEBUG = True ALLOWED_HOSTS = [] # Application definition INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', ] MIDDLEWARE = [ 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', ] ROOT_URLCONF = 'DjangoTest.urls' TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': { 'context_processors': [ 'django.template.context_processors.debug', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', ], }, }, ] WSGI_APPLICATION = 'DjangoTest.wsgi.application' # Database # https://docs.djangoproject.com/en/4.1/ref/settings/#databases DATABASES = { 'default': { 'ENGINE': 'django.db.backends.sqlite3', 'NAME': BASE_DIR / 'db.sqlite3', } } # Password validation # https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, ] # Internationalization # https://docs.djangoproject.com/en/4.1/topics/i18n/ LANGUAGE_CODE = 'en-us' TIME_ZONE = 'UTC' USE_I18N = True USE_TZ = True # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/4.1/howto/static-files/ STATIC_URL = 'static/' # Default primary key field type # https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField' On Sunday, March 12, 2023 at 9:46:04 AM UTC Muhammad Juwaini Abdul Rahman wrote: > I think you need to add the following in settings.py: > > CSRF_TRUSTED_ORIGIN = ('<your_web_url>') > > > > On Sun, 12 Mar 2023 at 02:04, James Hunt <newbyp...@gmail.com> wrote: > >> Hi there. I am fairly new to Django but have had previous success with >> creating an app and being able to access the Admin page. >> Recently, if I attempt to access the admin page of a new Django app it >> throws the CSRF error upon trying to log in!!! >> >> I have attempted several ways to bypass this error including adding >> allowed hosts but I cant seem to get past this issue. >> >> Can someone please provide me with the definitive way of stopping CSRF >> error when simply trying to access the admin part of Django? I mean there >> are no post functions that really apply to this feature so I cant >> understand the CSRF token. >> >> I cant get past this issue which means I can never access the admin page!! >> >> Please help. >> >> Regards >> >> James >> >> -- >> > You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to django-users...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/e13c7765-831e-45c5-b091-c8fcfbed19c5n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/django-users/e13c7765-831e-45c5-b091-c8fcfbed19c5n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/28134e83-7155-44dc-8769-d59f18ad6083n%40googlegroups.com.
