Django Login POST hangs when I do HttpResponseRedirect (302)
I'm Juan Manuel and I have a problem with my Login page in Django 1.8.18 (Python 2.7).
When I POST the username/password form (it passes authenticate() and login() fine) and have to redirect (HttpResponseRedirect) to my index page, the browser hangs waiting for a response (it stays on the login page).
After the POST it wants to redirect to '/' with an HTTP 302 and stays like that.
[01/Apr/2020 16:19:43] "POST /login/ HTTP/1.1" 302 0
I've noticed a few things:
1) It doesn't happen every time.
2) In Chrome's developer mode with "Disable cache" on, it works fine.
3) On Firefox it works fine.
4) With reverse() it's the same problem (internally calls HttpResponseRedirect()).
5) The problem exists on the development server (Django) and on the production server (Apache).
When it's hanging like that, if I press F5 (reload), it works fine and the redirection goes to the index.
url.py:
# -*- coding: utf-8 -*-
from django.conf.urls import patterns, include, url
from django.conf import settings
from django.conf.urls.static import static
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from .views import *

admin.autodiscover()

urlpatterns = patterns('',
    url(r'^', include('tadese.urls')),
    url(r'^login/$', login),
    url(r'^login_cuota/$', login_cuota),
    url(r'^logout/$', logout),
    url(r'^admin/', include(admin.site.urls)),
) + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

if settings.DEBUG is False:  # if DEBUG is True it will be served automatically
    urlpatterns += patterns('',
        url(r'^staticfiles/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.STATIC_ROOT}),
    )

handler500 = volverHome
handler404 = volverHome
view.py:
# -*- coding: utf-8 -*-
from django.contrib.auth import login as django_login, authenticate, logout as django_logout
from django.shortcuts import *
from settings import *
from django.core.urlresolvers import reverse
from django.contrib import messages
from tadese.models import Configuracion, Cuotas, Tributo, UserProfile
from tadese.utilidades import TRIBUTOS_LOGIN
from django.db.models import Q
from django.template.defaulttags import register
from django.conf import settings


def login(request):
    error = None
    LOGIN_REDIRECT_URL = settings.LOGIN_REDIRECT_URL
    if request.method == 'GET':
        if request.user.is_authenticated():
            return volverHome(request)
    try:
        sitio = Configuracion.objects.all().first()
    except Configuracion.DoesNotExist:
        sitio = None
    if sitio <> None:
        unico_padr = (sitio.ver_unico_padron == 'S')
        if sitio.mantenimiento == 1:
            return render_to_response('mantenimiento.html', {'dirMuni': MUNI_DIR, 'sitio': sitio},
                                      context_instance=RequestContext(request))
    else:
        unico_padr = False
    if request.method == 'POST':
        user = authenticate(username=request.POST['username'], password=request.POST['password'],
                            tributo=request.POST['tributo'])
        if user is not None:
            if user.is_active:
                django_login(request, user)
                if user.userprofile.tipoUsr == 0:
                    request.session["usuario"] = request.POST['username']
                    if unico_padr:
                        try:
                            padr = Cuotas.objects.filter(padron=request.POST['username'], estado=0).order_by(
                                '-id_cuota').first()
                            if padr:
                                LOGIN_REDIRECT_URL = reverse('ver_cuotas', kwargs={'idp': padr.id_padron})
                                return HttpResponseRedirect(LOGIN_REDIRECT_URL)
                        except:
                            padr = None
                    else:
                        LOGIN_REDIRECT_URL = reverse('padrones_responsable')
                return volverHome(request)
            else:
                ## invalid login
                error = u'Verifique que:\n. Los datos sean correctos.\n. Posea cuotas generadas en el sistema.'
        else:
            ## invalid login
            error = u'Verifique que:\n. Los datos sean correctos.\n. Posea cuotas generadas en el sistema.'
            # return direct_to_template(request, 'invalid_login.html')
    if error:
        messages.add_message(request, messages.ERROR, u'%s' % (error))
    tributos = Tributo.objects.filter()
    return render_to_response('index.html', {'dirMuni': MUNI_DIR, 'sitio': sitio, 'tributos': tributos},
                              context_instance=RequestContext(request))


def logout(request):
    request.session.clear()
    django_logout(request)
    return HttpResponseRedirect(LOGIN_URL)


def volverHome(request):
    if not request.user.is_authenticated():
        return HttpResponseRedirect(LOGIN_URL)
    if request.user.userprofile.tipoUsr == 0:
        LOGIN_REDIRECT_URL = reverse('padrones_responsable')
    elif request.user.userprofile.tipoUsr == 1:
        LOGIN_REDIRECT_URL = reverse('padrones_estudio')
    else:
        LOGIN_REDIRECT_URL = reverse('padrones_responsable')
    return HttpResponseRedirect(LOGIN_REDIRECT_URL)
From https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302
The HyperText Transfer Protocol (HTTP) 302 Found redirect status response code indicates that the resource requested has been temporarily moved to the URL given by the Location header. A browser redirects to this page but search engines don't update their links to the resource (in 'SEO-speak', it is said that the 'link-juice' is not sent to the new URL).
Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents conform here - you can still find this type of bugged software out there. It is therefore recommended to set the 302 code only as a response for GET or HEAD methods and to use 307 Temporary Redirect instead, as the method change is explicitly prohibited in that case.
In the cases where you want the method used to be changed to GET, use 303 See Other instead. This is useful when you want to give a response to a PUT method that is not the uploaded resource but a confirmation message such as: 'you successfully uploaded XYZ'.
Also, can you share the finding after using a supported Python 3 version and Django 2.2 LTS?
Basically, that problem means that the web page is exposed to a circular redirect, as if you used recursion by calling the "redirect" statement.
This happened to me when I created code that looks like the following:
if not request.user.is_superuser or role != 'SubAdmin':
    return redirect('accounts:profile', request.user.id)
and that, in pseudo-code, says: return me to the current user profile when the superuser is not in the request, knowing that I am not in the request either, so the web page will be exposed to the redirect "recursion".
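The method rules for 302, 303 and 307 quoted from MDN above, and the circular redirect described in the last answer, can both be checked without a browser by walking the redirect chain. This is an added example, not code from the question or from either answer: the route tables, paths and the `next_method` and `follow` helpers are constructed for illustration, and the non-strict mode assumes a client that rewrites POST to GET on 301/302.

```python
def next_method(status, method, strict=False):
    """Method a client uses for the follow-up request after a redirect."""
    if status == 303:
        return method if method == "HEAD" else "GET"   # 303: switch to GET
    if status in (307, 308):
        return method                                  # method and body must be kept
    if status in (301, 302):
        # Specification: keep the method. Many user agents: POST becomes GET.
        return method if strict or method != "POST" else "GET"
    raise ValueError("not a redirect status: %d" % status)


def follow(routes, method, path, strict=False, max_hops=10):
    """Walk a redirect chain and return (hops, verdict)."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if (method, path) in seen:          # same request again: circular redirect
            return hops, "loop"
        seen.add((method, path))
        status, location = routes[path](method)
        hops.append((method, path, status))
        if location is None:                # final, non-redirect response
            return hops, "ok"
        method, path = next_method(status, method, strict), location
    return hops, "too many hops"


# Constructed routes loosely modelled on the question's login flow.
LOGIN_ROUTES = {
    "/login/": lambda m: (302, "/") if m == "POST" else (200, None),
    "/": lambda m: (302, "/padrones/"),
    "/padrones/": lambda m: (200, None),
}


def guarded_profile(method, is_superuser=False, role="User"):
    # Constructed view for the last answer: the guard on the profile page
    # redirects to the profile page itself, so an ordinary user never gets a 200.
    if not is_superuser or role != "SubAdmin":
        return 302, "/accounts/profile/7/"
    return 200, None


LOOP_ROUTES = {"/accounts/profile/7/": guarded_profile}

if __name__ == "__main__":
    print(follow(LOGIN_ROUTES, "POST", "/login/"))
    print(follow(LOOP_ROUTES, "GET", "/accounts/profile/7/"))
```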