Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am trying to submit a non-ssl wrapped page to an ssl wrapped page, but I get this error.
CSRF verification failed. Request aborted.
Reason given for failure:
Referer checking failed - http://<domain>/ does not match https://<domain>/.
That is, I am trying to submit a username/password page to the login method.
How can I do this without getting this error?
Thanks
ERic
If you consider it to be safe, here’s how to specifically exempt a normal view from CSRF checking.
However, I’m assuming you’re talking about the
contrib.authviews, then you may have to write your own custom version and apply the@csrf_exemptdecorator instead of the one that enforces it (ie, copy, paste, change decorator on the method – it’s not as painful as it sounds).Absolutely worst-case, sledgehammer-to-crack-nut solution: force-disable CSRF altogether, for all views, even
django.contrib.*ones that try to enforce CSRF. Upside is you don’t have to hack/fork contrib modules; downside is – well – no CSRF…