I have a Django site that runs fine locally, but when trying to deploy with AWS Elastic Beanstalk I get the following error when I try to log in (using django-allauth):
Forbidden (403) CSRF verification failed. Request aborted.
The logs state:
Forbidden (CSRF cookie not set.): /accounts/login/
My settings.py middleware has:
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "whitenoise.middleware.WhiteNoiseMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.locale.LocaleMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.common.BrokenLinkEmailsMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]
The form has a csrf_token:
<form class="login" method="POST" action="{% url 'account_login' %}">
    {% csrf_token %}
    {{ form|crispy }}
    {% if redirect_field_value %}
    <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}" />
    {% endif %}
    <a class="button secondaryAction" href="{% url 'account_reset_password' %}">{% trans "Forgot Password?" %}</a>
    <button class="primaryAction btn btn-primary" type="submit">{% trans "Sign In" %}</button>
</form>
Any advice as to how to fix this, and why it runs OK locally but not when deployed, would be appreciated.
CodePudding user response:
Try to reorder the middlewares. They are executed sequentially, so each middleware passes the request to the next, and if something has been blocked it will not be available for the next middleware, and so on.
CodePudding user response:
Try SESSION_COOKIE_SECURE = True in settings.py to secure your cookie.
This error occurs when cookies are not secure. Maybe debug is True, make sure it's False (DEBUG = False).
Reorder your middleware list, sometimes it happens because of the order of middlewares.
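An added example, not part of the original thread: two settings-level reasons a login POST can arrive without the csrftoken cookie and produce the logged "CSRF cookie not set." message. It uses Python's standard-library cookie jar as a stand-in for the browser; the hostname, token value and helper names are constructed, and it assumes the deployed site may be reached over http:// while CSRF_COOKIE_SECURE is enabled, or that CSRF_COOKIE_DOMAIN does not match the deployed host.

```python
import http.cookiejar
import urllib.request
from email.message import Message

HOST = "myapp.example.com"  # constructed placeholder for the deployed hostname


class FakeResponse:
    """Just enough of an HTTP response for CookieJar.extract_cookies()."""

    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def csrf_set_cookie(secure=False, domain=None):
    """Approximate the csrftoken Set-Cookie header for the given settings
    (CSRF_COOKIE_SECURE, CSRF_COOKIE_DOMAIN); the token value is constructed."""
    parts = ["csrftoken=constructed-token", "Max-Age=31449600", "Path=/", "SameSite=Lax"]
    if domain:
        parts.append(f"Domain={domain}")
    if secure:
        parts.append("Secure")
    return "; ".join(parts)


def cookie_sent_on_login_post(scheme, set_cookie):
    """GET the login page, store its cookie, then return the Cookie header a
    client would attach to the POST (None corresponds to 'CSRF cookie not set')."""
    url = f"{scheme}://{HOST}/accounts/login/"
    jar = http.cookiejar.CookieJar()  # applies Secure and Domain matching
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(url))
    post = urllib.request.Request(url, data=b"login=constructed", method="POST")
    jar.add_cookie_header(post)
    return post.get_header("Cookie")


if __name__ == "__main__":
    for scheme in ("http", "https"):
        for secure in (False, True):
            sent = cookie_sent_on_login_post(scheme, csrf_set_cookie(secure))
            print(f"{scheme:5} CSRF_COOKIE_SECURE={secure!s:5} -> Cookie: {sent}")
    wrong = cookie_sent_on_login_post("https", csrf_set_cookie(domain=".example.org"))
    print("CSRF_COOKIE_DOMAIN mismatch -> Cookie:", wrong)
```

If the Secure case matches the deployment, serving the environment over HTTPS lets the cookie come back while keeping the flag enabled.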