This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 95%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
I'm getting this error. I tried giving CSRF_TRUSTED_ORIGINS = ['https://site.azurewebsites.net/'], CORS_ALLOWED_ORIGINS = ['https://site.azurewebsites.net/']. But landed on the same issue while submitting the form. ALLOWED_HOSTS =[os.environ['WEBSITE_HOSTNAME']] if 'WEBSITE_HOSTNAME' in os.environ else []
My middleware have
"corsheaders.middleware.CorsMiddleware",
"django.middleware.common.CommonMiddleware" and 'django.middleware.csrf.CsrfViewMiddleware'
@Sangeeth Sajan Thank you for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.
Could you please elaborate more on your requirement and also what you are trying to accomplish? Are you following any documentation to implement this CSRF on app service ? if yes. could you please help us in sharing to them for better understanding and to assist you further on this.
Hi,
I found the answer.
----------------------------------------
To get the csrf_token working properly we need to add
CSRF_TRUSTED_ORIGINS = ['https://'+ os.environ['WEBSITE_HOSTNAME']]
Hope this might be helpful for others
Hi,
I found the answer.
To get the csrf_token working properly we need to add
CSRF_TRUSTED_ORIGINS = ['https://'+ os.environ['WEBSITE_HOSTNAME']]
Hope this might be helpful to others
@Sangeeth Sajan Thanks for sharing the solution for the benefit of community. Glad to hear that our problem has been resolved.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 48%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Hi Sangeeth,
Could you please tell me which file you edited?
BR
Dehan Meng
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 69%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENF%3C/text%3E%3C/svg%3E)
Hi Sangeeth Sajan,
Can you elaborate what did you do to make that work?
I was trying to implement the same .
My APIs are working if it's an http call and throwing 403 forbidden for https request
Hi @Dehan Meng ,
I edited the settings.py file
Hi Nimra Fatima,
Sometimes it won't work if the allowed host is not given properly in the settings.py file it should be like this
ALLOWED_HOSTS =[os.environ['WEBSITE_HOSTNAME']] if 'WEBSITE_HOSTNAME' in os.environ else []