Hi Aldian, thanks for the insight.
We don't set "CSRF_COOKIE_SECURE = True", django defaults it to False,
allowing cookies to be sent to non https connections, however that being
said we know that the error occurs even on https.
We redirect all our traffic to https as well.
On Wednesday, Ma
Yusuf, did you use
CSRF_COOKIE_SECURE = True
and access the website using http instead of https?
https://stackoverflow.com/questions/17716624/django-csrf-cookie-not-set
On Wed, May 22, 2019 at 6:18 PM Yusuf Musleh wrote:
> Hello Aldian,
>
> Thank you for your reply.
>
> That was one of the very
Hello Aldian,
Thank you for your reply.
That was one of the very first things we investigated, but it does not seem
to be the case, as the error happens sometimes when the page/form is still
fresh, in addition to that, the error message would have been different if
the token in the form expire
The form page itself can expire if you let it readily opened in a browser
tab for hours. If I did that and I didn't reload my form before using it,
I will get a CSRF error.
There several ideas to fix it. The point is to have CSRF cookie to always
fresh, and your form will use that cookie instead
4 matches
Mail list logo
