-2

I am a super newbie at Django and programming.

I made a backend server with Django and deployed it successfully on "render.com". I can reach the admin login screen but cannot log in to it with my superuser ID. [It worked perfectly with runserver but does not work on deployment... showing the error below :-( ]

Forbidden (403)

CSRF verification failed. Request aborted. You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties. If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

I googled some articles about it, and they told me that I have to add

CSRF_TRUSTED_ORIGINS= ["mydomain"]

to settings.py.

Here are my questions...

Q1. Do I have to put my frontend domain or backend domain in "mydomain"?

Q2. Some articles said that I have to add

CSRF_COOKIE_SECURE = False

in my settings.py too??

  • 1
    All the answers are in the [docs](https://docs.djangoproject.com/en/4.1/ref/settings/#csrf-trusted-origins). – Selcuk Dec 28 '22 at 17:14
  • @Selcuk Thank you for the answer! I will look closely at the docs! (Maybe I misunderstood the docs before, since I have very poor English.) – Hyeongwoo Jeon Dec 28 '22 at 17:25
  • 1
    If you click the `Language` button at the bottom right corner you can switch to various translations of the documentation. – Selcuk Dec 28 '22 at 17:29

1 Answer

1

Here are my few suggestions. Kindly note that my use of Django is also limited, but I have encountered this issue before. In regard to question one, use your frontend domain, but also edit your syntax to use single quotation marks rather than double quotation marks (I see you're using double quotation marks), as illustrated below:

CSRF_TRUSTED_ORIGINS = ['https://*.your_domain.com','https://*.127.0.0.1']

About question two: sometimes it's actually your web browser, so try using incognito mode, and yes, you have to set

CSRF_COOKIE_SECURE = False

in your settings file. More details on this answer
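
For Q1, an added example (not code from the question, the answer, or Django itself): a simplified standalone model of the Origin check that Django 4.0+ performs on unsafe requests, showing which `CSRF_TRUSTED_ORIGINS` entries accept which browser `Origin` values. The hostnames are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

def entries_missing_scheme(trusted_origins):
    """Entries like "mydomain" with no scheme; Django 4.0+ rejects these."""
    return [o for o in trusted_origins if "://" not in o]

def _same_domain(host, pattern):
    # A pattern starting with "." matches the bare domain and any subdomain.
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def origin_trusted(origin, host, is_secure, trusted_origins):
    """Model: would a POST carrying this Origin header pass the check?

    origin    -- Origin header sent by the browser (the site that served the form)
    host      -- Host the server received the request on
    is_secure -- whether the server itself sees the request as HTTPS
    """
    # 1. Same origin: Origin equals scheme://host as the server sees it.
    if origin == f"{'https' if is_secure else 'http'}://{host}":
        return True
    # 2. Exact match against entries without a wildcard.
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    # 3. Wildcard entries: scheme must match, host must fall under the domain.
    parsed = urlsplit(origin)
    for entry in (o for o in trusted_origins if "*" in o):
        e = urlsplit(entry)
        if e.scheme == parsed.scheme and _same_domain(parsed.netloc, e.netloc.lstrip("*")):
            return True
    return False

if __name__ == "__main__":
    backend = "backend.example.com"            # constructed hostname
    admin_form = "https://backend.example.com"  # admin page is served by the backend
    spa = "https://frontend.example.com"        # separate frontend posting to the backend
    print(entries_missing_scheme(["mydomain", "https://mydomain"]))
    print(origin_trusted(admin_form, backend, True, []))             # same origin
    print(origin_trusted(admin_form, backend, False, []))            # server sees plain HTTP
    print(origin_trusted(admin_form, backend, False, [admin_form]))  # listed explicitly
    print(origin_trusted(spa, backend, True, [admin_form]))          # wrong entry
    print(origin_trusted(spa, backend, True, ["https://*.example.com"]))
```

The value compared is always the origin of the page that submitted the form, so the entry to list depends on which site serves that page.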