Clould9's Django out of the box gives CSRF error when I attempt to login to the admin page. Reason given is: - Forbidden (403) - CSRF verification failed. Request aborted. - Referer checking failed - https://mysite.c9.io/admin/login/?next=/admin/ does not match https://mysite.c9.io:443/
No changes were made to the instance, other than creating a superuser.
Commenting out setting.py MIDDLEWARE_CLASSES 'django.middleware.csrf.CsrfViewMiddleware' did not fix the issue.
Current workaround is through setattr(request, '_dont_enforce_csrf_checks', True), found here: Django CSRF framework cannot be disabled and is breaking my site
The problem seems to be the way Cloud9 treats HTTPS on port 443. Is there a way to fix this without disabling CSRF for the whole site? I also seem to be sandboxed out of django-admin.py, so I can't limit the hack to just the admin page.
I have opened a ticket for this issue with the cloud9 support @eff M. They are great guys out there and great IDE as well with great support.
Meanwhile try this workaround for the time being:
access your admin page with http://mysite.c9.io/admin/login/?next=/admin/ and not with https://mysite.c9.io/admin/login/?next=/admin/ and see if you can login. it worked well on my side.