=============================
NOTES
=============================
Error 403 after upgrading Django from 3.2.19 to 5.1.0 GitHub #41
=============================
ERROR DETAILS
=============================
Error Message: Forbidden (403)
CSRF verification failed. Request canceled.
Reason given for failure:
Origin checking failed - null does not match any trusted origins.
Error Code: Error 403 forbidden
Error Source/Location: somewhere in production environment.
Stack Trace: None
=============================
CONTEXT INFORMATION
=============================
User ID: All
Operation/Function: Login/Signup
Input Parameters: user credentials.
HTTP Request (if applicable): 403
=============================
SYSTEM INFORMATION
=============================
Operating System: Independent
Programming Language: Python
Framework/Libraries: Django and Bootstrap
Changed in Django 4.0:
Origin header checking isn’t performed in older versions.
Added CSRF_TRUSTED_ORIGINS to settings and tested in production; the problem persisted. Two things stand out: the problem does not occur in the development environment, and all the similar questions deal with an origin that is simply not listed in the trusted origins. This is where our issue becomes unique: in our case the request origin was simply null.
This seemed a promising approach to isolating the issue: since we were getting null as the origin, the cause had to be related to that. So we removed the proxy and fell back to Cloudflare as DNS resolver only; this did not resolve the issue. For the next test we removed DNS from the request path and sent requests directly to the web server; still the same issue.
add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
No idea how or why this works, but some comments mentioned it as a hacky solution that might become a security risk, so we have to look into it.
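To show what Django 4.0+ actually compares, here is a self-contained Python mirror of the Origin check in CsrfViewMiddleware (an added example, not code from this note or from Django; TRUSTED_ORIGINS, the function names and the sample requests are constructed). It makes the null case concrete: a literal "null" Origin can never equal the request's own scheme://host or any CSRF_TRUSTED_ORIGINS entry, so the setting alone cannot clear the 403.

```python
from urllib.parse import urlparse

# Constructed settings value standing in for CSRF_TRUSTED_ORIGINS.
TRUSTED_ORIGINS = ["https://app.example.com", "https://*.example.org"]


def is_same_domain(host: str, pattern: str) -> bool:
    """Django-style match: a pattern starting with '.' covers the domain and its subdomains."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def origin_verified(origin: str, scheme: str, host: str, trusted=TRUSTED_ORIGINS) -> bool:
    """Return True when an unsafe (POST) request's Origin header passes the 4.0+ check.

    scheme/host stand for what request.is_secure() and request.get_host() yield.
    """
    # 1. The request's own scheme://host is always an acceptable origin.
    if origin == f"{scheme}://{host}":
        return True
    # 2. Exact (no wildcard) entries of CSRF_TRUSTED_ORIGINS.
    if origin in [o for o in trusted if "*" not in o]:
        return True
    # 3. Wildcard entries: "https://*.example.org" covers every https subdomain.
    try:
        parsed = urlparse(origin)
    except ValueError:
        return False
    for entry in trusted:
        if "*" in entry:
            e = urlparse(entry)
            if e.scheme == parsed.scheme and is_same_domain(parsed.netloc, e.netloc.lstrip("*")):
                return True
    # A literal "null" Origin (opaque origin) reaches here: scheme and netloc are
    # empty, so no trusted entry can ever match it.
    return False


def failure_reason(origin: str, scheme: str, host: str):
    """Reason string as shown on Django's 403 page, or None when the check passes."""
    if origin_verified(origin, scheme, host):
        return None
    return f"Origin checking failed - {origin} does not match any trusted origins."
```

The check reads only the incoming request's Origin header, so a header nginx adds to the response (such as the P3P line above) does not enter into it. Behind a reverse proxy, what matters is that request.is_secure() and request.get_host() reflect the real scheme and host, which depends on what the proxy forwards.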