WARNING::django.security.csrf::Forbidden (CSRF token from the 'X-Csrftoken' HTTP header incorrect.): /admin/autocomplete/search/

[frague59]

Hi,

I'm having CSRF issues with wagtailautocomplete, on my dev platform (not yet deployed).

My CSRF settings:

CSRF_COOKIE_SAMESITE = "Strict"
CSRF_COOKIE_SECURE = True
CSRF_USE_SESSIONS = False

I'm using a autocomplete_custom_queryset_filter() method to filter the queryset.

class Contact(models.Model):

   last_name = ...
   first_name = ...
   company = ...

   def autocomplete_label(self) -> str:
       return str(self)

   @staticmethod
   def autocomplete_custom_queryset_filter(search_term: str) -> QuerySet:
       return Contact.objects.filter(
           Q(first_name__icontains=search_term)
           | Q(last_name__icontains=search_term)
           | Q(company__icontains=search_term)
       )

The "client" model :

class EquipmentContact(models.Model):
    """M2M relation table."""
    contact = models.ForeignKey(Contact)
    ....
    panels = [
        AutocompletePanel("contact"),
        ...
    ]

What is weird is that I can see the X-CSRFToken in AJAX header AND the csrftoken in the cookies, but the request fails.

Django: 4.2.x
Wagtail: 6.3.2
wagtailautocomplete: 0.11.0

Thanks for your help !

[frague59]

The request fails with a 403 status.