jrief / django-admin-sortable2

Generic drag-and-drop ordering for objects in the Django admin interface
https://django-admin-sortable2.readthedocs.io/en/latest/

CSRF Errors since version 2 #303

Closed benedikt-bartscher closed 2 years ago

benedikt-bartscher commented 2 years ago

Since version 2, all /adminsortable2_update/ POST requests are failing with a CSRF error (Status Code 403) for me.

jrief commented 2 years ago

Please check that the preceding GET-request sets the Cookie named csrftoken. That value is parsed and added to the POST header.

benedikt-bartscher commented 2 years ago

It does not, it only sets a session id. I am using:

CSRF_USE_SESSIONS = True

Logs:

Forbidden (CSRF token from the 'X-Csrftoken' HTTP header incorrect.): /admin/myapp/mymodel/adminsortable2_update/

jrief commented 2 years ago

fixed in version 2.0.2

benedikt-bartscher commented 2 years ago

works fine, thanks!
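
The failure mode in this thread, as an added example (not django-admin-sortable2's code, and not a statement of how 2.0.2 fixed it): with `CSRF_USE_SESSIONS = True` Django keeps the token in the session and sets no `csrftoken` cookie, so a client that only parses the cookie has no valid value for the `X-CSRFToken` header. The sketch below prefers the hidden `csrfmiddlewaretoken` input rendered by `{% csrf_token %}` and falls back to the cookie. It assumes that input is present on the page; the function names, `stubDocument` and all sample values are constructed.

```javascript
// Added example. Django defaults used here: cookie "csrftoken",
// form field "csrfmiddlewaretoken", request header "X-CSRFToken".

// Parse a document.cookie-style string ("a=1; b=2"); return one value or null.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Resolve the CSRF token. `doc` is anything exposing `cookie` and
// `querySelector`: the browser's `document`, or a stub when run under Node.
function resolveCsrfToken(doc) {
  // DOM first: this works with CSRF_USE_SESSIONS or CSRF_COOKIE_HTTPONLY
  // enabled, and ignores a stale cookie left over from an earlier setup.
  const input = doc.querySelector('input[name="csrfmiddlewaretoken"]');
  if (input && input.value) return { token: input.value, source: 'dom' };
  const fromCookie = readCookie(doc.cookie, 'csrftoken');
  if (fromCookie) return { token: fromCookie, source: 'cookie' };
  return { token: null, source: 'none' };
}

// Build headers for the update POST. Fail on the client instead of sending
// a request the server will answer with 403.
function buildUpdateHeaders(doc) {
  const { token } = resolveCsrfToken(doc);
  if (!token) throw new Error('No CSRF token found in DOM or cookie');
  return { 'Content-Type': 'application/json', 'X-CSRFToken': token };
}

// Constructed stand-in for `document` so the logic can be exercised offline.
function stubDocument(cookie, formToken) {
  return {
    cookie,
    querySelector: (selector) =>
      selector === 'input[name="csrfmiddlewaretoken"]' && formToken
        ? { value: formToken }
        : null,
  };
}
```

In a browser, pass `document` to `buildUpdateHeaders` and hand the result to `fetch` as its `headers` option.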