JUNIPER.MASTER - Fresh Install: Forbidden (CSRF cookie not set.): /change_enrollment

Hi,

I keep moving testing juniper.master, i just do a new fresh install, and once finished, i try to login, but i have this error:

Sep 2 09:33:45 lms [service_variant=lms][django.security.csrf][env:sandbox] WARNING [lms 2020] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /change_enrollment

Sep 2 09:41:35 lms [service_variant=lms][django.security.csrf][env:sandbox] WARNING [lms 1890] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/

Cookies are enabled on my browser, i try to login on EDGE, OPERA, MOZILLA and CHROME, same error:

Forbidden (403) : CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

How can i fix it?

Thanks again for your help :relaxed:

Just clear my browser cache and datas, and now i can login well.

Don’t know if it is the good solution for that…

Perhaps there was a conflict with other Open edX instances or edx.org website.
Don’t you think so?

1 Like

Hi,

You try change the variable DCS_SESSION_COOKIE_SAMESITE = ‘None’ to Lax,
from edx-platform/lms/envs/common.py and restart

2 Likes

I do not understand, here is what i have in my file /edx/app/edxapp/edx-platform/lms/envs/common.py

# django-session-cookie middleware
DCS_SESSION_COOKIE_SAMESITE = 'None'
DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True

What should i change here to make this error gone?

Hi @Herve_siyou,

As @sbernesto said, you can change the line with DCS_SESSION_COOKIE_SAMESITE to

DCS_SESSION_COOKIE_SAMESITE = 'lax'

But I think that even better you could add a line in /edx/etc/lms.yml with:

DCS_SESSION_COOKIE_SAMESITE: lax
2 Likes

It…

Works!!! :sunglasses: :sunglasses: :sunglasses:

hi,

I’m going to try it, thanks

Is your site running via HTTPS or are you just running HTTP right now?

If so, setting DCS_SESSION_COOKIE_SAMESITE = 'lax' may not be compatible with HTTPS

Hi,

If you are using HTTPS maybe You can set these variables:

EDXAPP_CSRF_COOKIE_SECURE: true
EDXAPP_SESSION_COOKIE_SECURE: true

That working for me.

3 Likes

Running HTTPS, and it works with DCS_SESSION_COOKIE_SAMESITE = ‘lax’

Need help here please, can not login to CMS, just look here: Configuration change from Ironwood to Juniper?

Thanks for your help bro :sunglasses: