JUNIPER.MASTER - Fresh Install: Forbidden (CSRF cookie not set.): /change_enrollment

Herve_siyou · September 2, 2020, 8:47am

Hi,

I keep moving testing juniper.master, i just do a new fresh install, and once finished, i try to login, but i have this error:

Sep 2 09:33:45 lms [service_variant=lms][django.security.csrf][env:sandbox] WARNING [lms 2020] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /change_enrollment

Sep 2 09:41:35 lms [service_variant=lms][django.security.csrf][env:sandbox] WARNING [lms 1890] [user None] [log.py:228] - Forbidden (CSRF cookie not set.): /user_api/v1/account/login_session/

Cookies are enabled on my browser, i try to login on EDGE, OPERA, MOZILLA and CHROME, same error:

Forbidden (403) : CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

How can i fix it?

Thanks again for your help

Herve_siyou · September 2, 2020, 9:20am

Just clear my browser cache and datas, and now i can login well.

Don’t know if it is the good solution for that…

mahyard · September 2, 2020, 2:30pm

Perhaps there was a conflict with other Open edX instances or edx.org website.
Don’t you think so?

sbernesto · September 2, 2020, 10:37pm

Hi,

You try change the variable DCS_SESSION_COOKIE_SAMESITE = ‘None’ to Lax,
from edx-platform/lms/envs/common.py and restart

Herve_siyou · September 3, 2020, 3:03pm

I do not understand, here is what i have in my file /edx/app/edxapp/edx-platform/lms/envs/common.py

# django-session-cookie middleware
DCS_SESSION_COOKIE_SAMESITE = 'None'
DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True

What should i change here to make this error gone?

morenol · September 3, 2020, 3:08pm

Hi @Herve_siyou,

As @sbernesto said, you can change the line with DCS_SESSION_COOKIE_SAMESITE to

DCS_SESSION_COOKIE_SAMESITE = 'lax'

But I think that even better you could add a line in /edx/etc/lms.yml with:

DCS_SESSION_COOKIE_SAMESITE: lax

Herve_siyou · September 3, 2020, 3:08pm

It…

Works!!!

sbernesto · September 3, 2020, 3:37pm

hi,

I’m going to try it, thanks

misilot · September 3, 2020, 6:00pm

Is your site running via HTTPS or are you just running HTTP right now?

If so, setting DCS_SESSION_COOKIE_SAMESITE = 'lax' may not be compatible with HTTPS

Alecar · September 3, 2020, 6:29pm

Hi,

If you are using HTTPS maybe You can set these variables:

EDXAPP_CSRF_COOKIE_SECURE: true
EDXAPP_SESSION_COOKIE_SECURE: true

That working for me.

Herve_siyou · September 3, 2020, 8:05pm

Running HTTPS, and it works with DCS_SESSION_COOKIE_SAMESITE = 'lax’

Herve_siyou · September 3, 2020, 8:43pm

Need help here please, can not login to CMS, just look here: Configuration change from Ironwood to Juniper?

Thanks for your help bro