I have an app platform app running Django.
When I try to log into the django admin panel I get the following error:
# Forbidden (403)
CSRF verification failed. Request aborted.
## Help
Reason given for failure:
Origin checking failed - https://xxxxxxxxxxxx.ondigitalocean.app does not match any trusted origins.
I have run a few different app platform apps before using the DO Django tutorial (https://docs.digitalocean.com/tutorials/app-deploy-django-app/) and have not encountered this. The only things I’ve changed this time are:
I don’t really know where to start with tracking this down. Is it a problem with my settings.py config? Is it a problem with the DB?
Any advice is appreciated.
Hi there,

Indeed as you mentioned, this is usually related to the `ALLOWED_HOSTS` not being set correctly in your `settings.py` file.

Here’s what you could try out so you can debug this:

Check your ALLOWED_HOSTS setting: The `ALLOWED_HOSTS` setting in your Django `settings.py` file should include the hostname that you’re seeing in the error message. In this case, you should have something like:

Or, if you want to allow all subdomains as well:

The `ALLOWED_HOSTS` setting is a list of strings representing the host/domain names that this Django site can serve. If DEBUG is set to False and you’re getting this error, it’s probably because the hostname isn’t listed in `ALLOWED_HOSTS`.

Check your CSRF_TRUSTED_ORIGINS setting: If your Django project is served via multiple domain names and you’re using HTTPS, you should also check the `CSRF_TRUSTED_ORIGINS` setting. This setting is a list of hosts which are trusted origins for ‘safe’ HTTP methods. Hosts in this list can send cross-subdomain requests to other hosts also in this list, over HTTPS.

Or if you want to allow all subdomains:

Let me know how it goes!
Best,
Bobby
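
A simplified model of the Origin check behind the 403 in the question, added here as an example (it is not code from the post, the answer, or Django itself). The hostname is a constructed placeholder, and the plain `http` scheme seen by the app is an assumption that TLS is terminated in front of it.

```python
from urllib.parse import urlsplit

def is_same_domain(host, pattern):
    """A leading-dot pattern matches the bare domain and any subdomain."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return pattern == host

def origin_trusted(origin, seen_scheme, seen_host, trusted_origins):
    """Model of how Django 4.0+ compares the Origin header on a POST."""
    # 1. The request's own scheme://host, as the app sees it, is accepted.
    if origin == f"{seen_scheme}://{seen_host}":
        return True
    # 2. Entries without a wildcard must equal the Origin, scheme included.
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries: same scheme, host under the wildcard's domain.
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            e = urlsplit(entry)
            if e.scheme == parsed.scheme and is_same_domain(
                parsed.netloc, e.netloc.lstrip("*")
            ):
                return True
    return False

# Constructed sample values, not taken from the post.
HOST = "example-app.ondigitalocean.app"
ORIGIN = f"https://{HOST}"  # what the browser sends in the Origin header

def demo():
    # Assumption: the app sees plain http, so step 1 never matches.
    candidates = {
        "no entries": [],
        "host only, no scheme": [HOST],
        "wrong scheme": [f"http://{HOST}"],
        "exact origin": [f"https://{HOST}"],
        "wildcard": ["https://*.ondigitalocean.app"],
    }
    return {name: origin_trusted(ORIGIN, "http", HOST, entries)
            for name, entries in candidates.items()}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22} -> {'accepted' if ok else '403'}")
```

The wildcard entry also accepts the origin of any other app served under the same shared domain, so the exact `https://` origin is the narrower choice for `CSRF_TRUSTED_ORIGINS`.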