Thursday 12 November 2020

How to solve CSRF "Forbidden Cookie not set" error in Django?

I am using Angular 8 as the frontend and Django 1.11.18 as the backend. I am running my Angular project on https://127.0.0.1:4200 through the command ng server --ssl true, and the Django APIs are deployed on a separate Red Hat server and can be accessed through https://192.xxx.x.xx:7002/

My login is a GET request that returns a success response with the CSRF token in the header, but cookies are not received by the browser at that time, and when I call my POST request this causes a "Forbidden" error due to the CSRF token.

Middleware in my settings.py is:

MIDDLEWARE = [
    'Common.customMiddleware.ProcessRequest',
    'django.middleware.security.SecurityMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

I have also added:

CSRF_TRUSTED_ORIGINS = ["127.0.0.1","192.xxx.x.xx"]

but cookies are still not received in the browser.

Any kind of help will be appreciated. One more thing I would like to mention is that when I deploy the Angular project on the same server on which the Django APIs are applied, the application works fine.
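
An added diagnostic example, not part of the original question: a simplified model of the checks a browser applies before storing a cookie from an XHR response, run against the two origins in the post. The cookie string and the function name are constructed for illustration, and the model assumes a browser that treats a missing SameSite attribute as Lax (Django 1.11 has no setting to emit SameSite).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: a csrftoken cookie with no SameSite/Secure attributes.
DJANGO_111_COOKIE = "csrftoken=CONSTRUCTEDTOKEN; Max-Age=31449600; Path=/"
PAGE = "https://127.0.0.1:4200/"     # Angular dev server from the question
API = "https://192.xxx.x.xx:7002/"   # placeholder host exactly as posted


def cookie_verdict(set_cookie, page_url, api_url, with_credentials):
    """Return (stored, reason) for a Set-Cookie header on an XHR response.

    Simplification (assumption): hosts are compared literally, which is
    exact for IP-address hosts; domain names need a public-suffix lookup.
    """
    page, api = urlsplit(page_url), urlsplit(api_url)
    same_origin = (page.scheme, page.hostname, page.port) == \
                  (api.scheme, api.hostname, api.port)
    same_site = (page.scheme, page.hostname) == (api.scheme, api.hostname)

    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = next(iter(jar.values()))
    samesite = morsel["samesite"].lower() or "lax"  # missing => Lax
    secure = bool(morsel["secure"])

    if secure and api.scheme != "https":
        return False, "Secure cookie on a non-HTTPS response"
    if same_origin:
        return True, "same-origin response: cookie is stored"
    if not with_credentials:
        return False, "cross-origin XHR without withCredentials: Set-Cookie ignored"
    if not same_site and samesite != "none":
        return False, "cross-site response with SameSite=%s: cookie blocked" % samesite
    if samesite == "none" and not secure:
        return False, "SameSite=None requires the Secure attribute"
    return True, "cookie is stored"


if __name__ == "__main__":
    for label, cookie, page, creds in [
        ("split hosts, no credentials", DJANGO_111_COOKIE, PAGE, False),
        ("split hosts, withCredentials", DJANGO_111_COOKIE, PAGE, True),
        ("split hosts, SameSite=None; Secure",
         DJANGO_111_COOKIE + "; SameSite=None; Secure", PAGE, True),
        ("Angular served from the API origin", DJANGO_111_COOKIE, API, False),
    ]:
        print(label, "->", cookie_verdict(cookie, page, API, creds))
```

The last case matches the observation in the post that the application works when both parts are served from the same server.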
