New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Django 4.2] Django>=4.0 must include both scheme and host in CSRF_TRUSTED_ORIGINS #33228

Open

UsamaSadiq opened this issue Sep 12, 2023 · 1 comment

Member

UsamaSadiq commented Sep 12, 2023 •

edited by mumarkhan999

Loading

Django 4.0 and above

For Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme and host, e.g.:

https://dummy.example.com

Django 3.2 and lower

For Django 3.2 and lower, CSRF_TRUSTED_ORIGINS must contain only the hostname, without a scheme:

.example.com

Reference release notes documentation

https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins
Further details on this change can be read in https://forum.djangoproject.com/t/django-4-0-wildcard-subdomain-preventing-from-setting-csrf-token/11599/28.

The text was updated successfully, but these errors were encountered:

UsamaSadiq mentioned this issue

feat!: Django 4.0 and above, CSRF_TRUSTED_ORIGINS must include scheme. #33226

Merged

Contributor

awais786 commented Sep 12, 2023

Facing this issue on sandboxes with django42.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment