Hi
Thank you for your work.
It was working perfectly on my dev environment but not on production.
I think the difference is that I am using everything very secure:
SESSION_COOKIE_SECURE="True"
SESSION_COOKIE_HTTPONLY="True"
CSRF_COOKIE_HTTPONLY="True"
SECURE_BROWSER_XSS_FILTER="True"
DJANGO_SECURE_SSL_REDIRECT="True"
X_FRAME_OPTIONS="DENY"
In the log I get
Forbidden (CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.): /two_factor/verification/
When I inspect the PUT request in the browser, in the request header I have:
x-csrftoken: undefined
I am not sure, but maybe this is a way: https://docs.djangoproject.com/fr/4.0/ref/csrf/#setting-the-token-on-the-ajax-request
Also, you may add in the documentation to allow PUT requests on the web server for this URL: /two_factor/verification/.
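
The failure reported above, as an added example that is not part of the original post or the project's code: with `CSRF_COOKIE_HTTPONLY` enabled, script cannot read the `csrftoken` cookie, so a cookie-only lookup produces the literal header value `undefined`. The sketch falls back to the hidden `csrfmiddlewaretoken` field described in the linked Django documentation. It assumes the page template renders `{% csrf_token %}`; all function names are hypothetical and the sample token is constructed.

```javascript
// Added example (not from the post or the project). Function names are hypothetical.
// With CSRF_COOKIE_HTTPONLY=True the csrftoken cookie is hidden from document.cookie,
// so a cookie-only lookup yields undefined and the header is sent as "undefined".

// Django tokens are alphanumeric: 64 chars when masked, 32 chars for the bare secret.
const TOKEN_RE = /^(?:[A-Za-z0-9]{32}|[A-Za-z0-9]{64})$/;

function tokenFromCookie(cookieString, name = "csrftoken") {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return undefined;
}

// What the failing request does: stringify whatever the cookie lookup returned.
function naiveHeaderValue(cookieString) {
  return String(tokenFromCookie(cookieString));
}

// Fallback from the Django docs linked above: read the hidden form field
// rendered by {% csrf_token %}.
function tokenFromDom(doc) {
  const el = doc.querySelector("[name=csrfmiddlewaretoken]");
  return el ? el.value : undefined;
}

// Build the header, refusing to send a missing or malformed token.
function csrfHeaders(cookieString, doc) {
  const token = tokenFromCookie(cookieString) ?? tokenFromDom(doc);
  if (typeof token !== "string" || !TOKEN_RE.test(token)) {
    throw new Error("No usable CSRF token; not sending X-CSRFToken: " + token);
  }
  return { "X-CSRFToken": token };
}

// Constructed stand-ins so the example runs outside a browser.
const SAMPLE_TOKEN = "Ab3dE6gH".repeat(8); // constructed, 64 chars
const fakeDocument = (value) => ({
  querySelector: () => (value === undefined ? null : { value }),
});

console.log(naiveHeaderValue("theme=dark"));
console.log(csrfHeaders("theme=dark", fakeDocument(SAMPLE_TOKEN)));
```

In a browser the call would be `csrfHeaders(document.cookie, document)`, with the result merged into the headers of the PUT request.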