django-markdownx icon indicating copy to clipboard operation
django-markdownx copied to clipboard

Published 20 hours ago verified publisher icon neutronX

Django Admin Preview Broken - Forbidden (403) CSRF verification failed. Request aborted.

Open sampiecz opened this issue 6 years ago • 11 comments

Hello,

I have scoured the documentation and google before coming here but I can't seem to find anything on the topic. I run into no issues in my development environment. However, on my production machine I get some really odd behavior. When I go to edit a model that has a MarkdownxField(), my websites navigation starts to appear, and I get a 403 error. I don't really know how else to describe it. I have no traceback to post. Any suggestions of how I can start troubleshooting this?

The first two images attached are just to show my admin behaves as normal. Last two are the strange behavior I am getting.

standard2 standard error2 error1

Thanks a bunch in advance!

sampiecz avatar Mar 18 '18 04:03 sampiecz

For whatever reason it's inheriting from my base.html and the css associated with that template.

sampiecz avatar Mar 18 '18 04:03 sampiecz

Suggestions anyone? For the time being I just created a template to override the django-markdownx preview -- since the preview isn't showing, my error is gone. However, it would be nice to use the preview if possible.

sampiecz avatar Apr 04 '18 17:04 sampiecz

How do you return your CSRF TOKEN ? Does it return in the POST or store in session ??

Pyvonix avatar Apr 05 '18 09:04 Pyvonix

@TheBuky Here is my current "Solution". I'm not sure what you mean by how do I return my current CSRF TOKEN? Prior to overriding the template, my admin looked like it did in the pictures. Obviously buggy, however when override the template I don't get that issue. Solely because it doesn't even load the preview container.

However, I do want to see the preview, and not have it pulling in my main web app's navigation..

Thanks in advance for the help @TheBuky

<div class="markdownx row">
    <div class="col-md-6">
        <p>testing</p>
        <!-- Django 1.10 and below -->
        {% csrf_token %}
	{{ markdownx_editor }}
        <!-- Django 1.11+ -->
            <!--       {% include 'django/forms/widgets/textarea.html' %} -->
    </div>
    <div class="col-md-6">
        <div class="markdownx-preview"></div>
    </div>
</div>

sampiecz avatar Apr 05 '18 23:04 sampiecz

@sampiecz did you by any chance achieve a more robust solution?

qwergram avatar Jul 15 '18 06:07 qwergram

@qwergram I have not yet. Are you encountering something similar?

Right now, I just edited the HTML template and commented out the preview box.

sampiecz avatar Jul 15 '18 22:07 sampiecz

@sampiecz I encountered exactly what you're seeing on a personal project. Luckily I have enough flexibility to use a different library, specifically markdownify.

qwergram avatar Jul 18 '18 00:07 qwergram

It's really a shame, I'd prefer to use markdownx because of it's drag and drop image feature too. I'll have to checkout mardownify, thanks for the heads up @qwergram

sampiecz avatar Jul 18 '18 17:07 sampiecz

Please update with recent code. Probably you have session csrf activated in your config.

adi- avatar Nov 02 '18 08:11 adi-

@adi- can you explain a little more what you mean? How do I deactivate "session csrf in my config"? In settings.py?

qwergram avatar Nov 02 '18 19:11 qwergram

Check this one https://github.com/neutronX/django-markdownx/pull/111

adi- avatar Nov 03 '18 08:11 adi-