Trouble with CORS / SORS / CSRF (Win 10 / Chrome)

I am currently proceeding nicely through the Codecademy Django course but running into a familiar problem POSTing, PUTting…

Forbidden (403) - CSRF cookie not set

I’ve looked online and know it’s to do with my browser and CORS. I’m using Chrome, I’ve gone into all the settings and allowed cookies and stuff but not sure exactly where I tell it to allow it. I’m getting the same error in Firefox.

Error mentions ‘{% csrf_token %}’ but the HTML files provided have them where they should be.

I’m very confused by all this and had this problem on other courses too. How do I tell my browser / system to let me do what I want to do?

I have tried to look for the answers myself online but running into advice like - running Chrome from the CLI with ‘--disable-web-security’ - and that doesn’t seem ideal for what I’m trying to do.

I know my code is sound (ha ha?) and have been able to interrogate my Models (CRUD) from the Python shell but can only achieve the (R) bit from within HTML.

Further investigating… I’ve disabled ‘django.middleware.csrf.CsrfViewMiddleware’ in ‘’ and now getting different errors telling me ‘There is no URL to redirect to’.
Interestingly, amongst the verbose error message, I can observe that a ‘csrfmiddlewaretoken’ and corresponding value has been generated in my POST request.

Oh what to do…

adding ‘localhost’ to ALLOWED_HOSTS might have actually worked, so…

ALLOWED_HOSTS = ['localhost']

might be what I was looking for. I seem to be able to add, edit, delete, albeit in a clumsy fashion now. Now to figure out what the problem with the home page (which was ok?) is…

I presume that when you say “html files”, you mean a template which you’re rendering using the render() helper?

Yes, sorry I meant the templates to be rendered but think I’ve cracked it…
I need to include ‘localhost’ in the list of allowed hosts in whatever configuration file is being read from
(Django projects - - ALLOWED_HOSTS = ['localhost']) worked and can now interact with DB properly.
I made some huge leaps in understanding yesterday once I’d overcome this obstacle :slight_smile:
