Django admin login suddenly demanding CSRF token

Admin login normally does require a CSRF token, but that's normally all taken care of for you.

  1. Check your browser's cookies to see if there is a csrf token present
  2. Try clearing cookies and refreshing
  3. Check to make sure you have django.middleware.csrf.CsrfViewMiddleware in your middleware
  4. Check that you're either on https or you have CSRF_COOKIE_SECURE=False (which is the default) in settings, otherwise your csrf cookie exists but won't be sent. Purge your cookies after changing CSRF_COOKIE_SECURE.

For new users facing this issue after upgrading to Django 4.0+, you need to add CSRF_TRUSTED_ORIGINS=['https://*.YOUR_DOMAIN.COM'] to settings.py.

Thanks to the answer below:

https://stackoverflow.com/a/70326426/2259546
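
The settings checks from both answers above, as an added example (not part of the original answers and not Django's own code): a stand-alone Python function that inspects settings values without importing Django. The names `diagnose_csrf` and `origin_trusted`, the sample settings and `admin.example.com` are assumptions constructed for illustration, and the origin matching is a simplified version of what Django 4.0+ does; the sample call assumes Django sees the request as http while the browser sends an https Origin, as happens behind a TLS-terminating proxy.

```python
from urllib.parse import urlsplit

CSRF_MIDDLEWARE = "django.middleware.csrf.CsrfViewMiddleware"

def origin_trusted(origin, trusted_origins):
    """Simplified Django 4.0+ match: exact origin, or same scheme plus '*.' wildcard."""
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if entry == origin:
            return True
        scheme, sep, host = entry.partition("://")
        if sep and host.startswith("*.") and scheme == parsed.scheme:
            suffix = host[1:].lower()  # "*.example.com" -> ".example.com"
            netloc = parsed.netloc.lower()
            if netloc.endswith(suffix) or netloc == suffix[1:]:
                return True
    return False

def diagnose_csrf(settings, browser_origin, django_origin):
    """browser_origin: Origin header sent by the browser.
    django_origin: scheme://host as Django sees the request (differs behind a TLS proxy)."""
    findings = []
    if CSRF_MIDDLEWARE not in settings.get("MIDDLEWARE", []):
        findings.append("CsrfViewMiddleware missing from MIDDLEWARE")
    if settings.get("CSRF_COOKIE_SECURE", False) and urlsplit(browser_origin).scheme != "https":
        findings.append("CSRF_COOKIE_SECURE=True on http: browser will not send the cookie")
    trusted = settings.get("CSRF_TRUSTED_ORIGINS", [])
    for entry in trusted:
        if "://" not in entry:
            findings.append(f"trusted origin {entry!r} has no scheme (required since 4.0)")
    if browser_origin != django_origin and not origin_trusted(browser_origin, trusted):
        findings.append(f"{browser_origin} not covered by CSRF_TRUSTED_ORIGINS")
    return findings

# Constructed sample settings: pre-4.0 style entry vs. the form given in the answer.
BROKEN = {"MIDDLEWARE": [CSRF_MIDDLEWARE], "CSRF_TRUSTED_ORIGINS": ["admin.example.com"]}
FIXED = {"MIDDLEWARE": [CSRF_MIDDLEWARE], "CSRF_TRUSTED_ORIGINS": ["https://*.example.com"]}

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, diagnose_csrf(cfg, "https://admin.example.com", "http://admin.example.com"))
```

The wildcard entry is matched by scheme and by a leading-dot suffix, so `https://*.example.com` covers `https://admin.example.com` but not an http origin or a look-alike host such as `evilexample.com`.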
