
Problem with HTTPS/SSL, CSRF_TRUSTED_ORIGINS not working.


So I hit an issue while porting my site to use HTTPS.

Everything worked fine with HTTP but after switching to HTTPS I kept getting

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The workaround was to set CORS_ORIGIN_ALLOW_ALL to True, which I am not that happy with.

The peculiar thing was the error popped up only on the URLs/resources when Django was trying to set some Sessions (like logging in etc.). So maybe there is a conflict in how CORS behaves on these resources on browsers?

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
jordanmkoncz commented, May 7, 2018

I think I ran into the same or a similar issue. I was trying to add my front-end to CORS_ORIGIN_WHITELIST and it just wasn’t working; the request always failed with the “Response to preflight request doesn’t pass access control check…” error that @parth-choudhary was getting. My front-end is only accessible via HTTPS.

I tried CORS_ORIGIN_WHITELIST = ['app.mysite.com'], and CORS_ORIGIN_WHITELIST = ['app.mysite.com', 'https://app.mysite.com'], and neither of these worked.

However, CORS_ORIGIN_WHITELIST = ['https://app.mysite.com', 'app.mysite.com'] does seem to be working correctly. So it seems like it’s necessary to include the HTTPS version of the origin, and it also must be included before the non-HTTPS version.

0 reactions
adamchainz commented, Aug 15, 2017

It isn’t being cached outside of the python process, and if you’re restarting that fine it should be working. Maybe something changed outside of Djangoland e.g. in gunicorn/nginx config?
