On 10/26/22 04:33, Guillermo Hernandez (Oldno7) via Mailman-users wrote:
> I did it via pip and all seems to be working, but when I try to discard or accept any message via postorius it shows a Forbidden 403 error CSRF verification failed.
> In my settings.py I have commented out these variables:
>
> # Other security settings
> # SECURE_SSL_REDIRECT = True
> # If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
> # contains at least this line:
> # SECURE_REDIRECT_EXEMPT = [
> #     "archives/api/mailman/.*",  # Request from Mailman.
> # ]
> # SESSION_COOKIE_SECURE = True
> # SECURE_CONTENT_TYPE_NOSNIFF = True
> # SECURE_BROWSER_XSS_FILTER = True
> # CSRF_COOKIE_SECURE = True
> # CSRF_COOKIE_HTTPONLY = True
> # X_FRAME_OPTIONS = 'DENY'
>
> I've been messing with them with no results. It's like it lacked some value in some template...
It's not an issue with the code per se or the templates. These updates are all installed on mail.python.org and lists.mailman3.org and are working fine.
After upgrading did you run
    django-admin collectstatic --clear
    django-admin compress
    django-admin migrate
If you have and it doesn't help, you probably need to add CSRF_TRUSTED_ORIGINS to your settings.py.
See https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins and note the differences between Django <4.0 and >=4.0.
-- 
Mark Sapiro <mark@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
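
The Django <4.0 versus >=4.0 difference in CSRF_TRUSTED_ORIGINS mentioned above, as an added example that is not part of the original message or of Mailman's code: before 4.0 the entries are bare hosts (a leading dot covers subdomains), from 4.0 on each entry must carry a scheme and subdomains are written with `*`. The function names and hostnames are assumptions made for illustration.

```python
# Added example; helper names and hostnames are constructed placeholders.
from urllib.parse import urlsplit


def to_django4_origin(entry, scheme="https"):
    """Convert a pre-4.0 CSRF_TRUSTED_ORIGINS entry to the >=4.0 form."""
    if "://" in entry:                 # already carries a scheme
        return entry
    if entry.startswith("."):          # ".example.org" -> "https://*.example.org"
        return f"{scheme}://*{entry}"
    return f"{scheme}://{entry}"


def check_origins(origins, django_version):
    """Return a list of problems for the given Django (major, minor) version."""
    problems = []
    for entry in origins:
        has_scheme = "://" in entry
        if django_version >= (4, 0):
            if not has_scheme:
                fixed = to_django4_origin(entry)
                problems.append(f"{entry!r}: needs a scheme, e.g. {fixed!r}")
            elif not urlsplit(entry).netloc:
                problems.append(f"{entry!r}: no host after the scheme")
        elif has_scheme or "*" in entry:
            problems.append(f"{entry!r}: Django <4.0 expects a bare host")
    return problems


def trusted_origins_for(hosts, django_version, scheme="https"):
    """Build the setting value from bare hosts for the running Django version."""
    if django_version >= (4, 0):
        return [to_django4_origin(h, scheme) for h in hosts]
    return list(hosts)


if __name__ == "__main__":
    legacy = ["lists.example.com", ".example.org"]   # constructed sample values
    print(check_origins(legacy, (4, 1)))
    print(trusted_origins_for(legacy, (4, 1)))
```

In a real settings.py the version tuple can be taken from `django.VERSION[:2]`.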