Django CSRF Malfunction after using HTTPS

I know that this problem occurs many times here. But none of them has worked for me right now. I've been struggling with this error since I changed the protocol of my app to https using apache2 and LetsEncrypt. I tried the configurations in settings but it doesn't solve the problem.

# settings.py
CSRF_COOKIE_DOMAIN = ".myapp.ml"
CSRF_COOKIE_SECURE =  True
CSRF_USE_SESSIONS = True
SESSION_COOKIE_SECURE = True

Of course, every form with the POST method has {% csrf_token %} in there. It also shows in request data. This error occurs in the Log in and Sign Up forms.

Inside the app, after I add csrf_exempt in login and signup, I use DRF and when I make requests like POST, DELETE, PUT etc., it only shows the error {"detail":"CSRF Failed: Referer checking failed - no Referer."}

Here is my apache2 configuration file:


<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.myapp.ml
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /app /home/app/app-src/static_root
        <Directory /home/app/app-src/static_root>
                Require all granted
        </Directory>

        Alias /media /home/app/app-src/media
        <Directory /home/app/app-src/media>
                Require all granted
        </Directory>

        <Directory /home/app/app-src/Project>
                <Files wsgi.py>
                        Require all granted
                </Files>
        </Directory>

        WSGIScriptAlias / /home/app/app-src/Project/wsgi.py
        WSGIDaemonProcess Project python-path=/home/app/app-src python-home=/home/app/app-src/venv
        WSGIProcessGroup Project

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
WSGIPassAuthorization On
SSLCertificateFile /etc/letsencrypt/live/www.myapp.ml/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myapp.ml/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

NOTE: That is only occurring when I use the HTTPS protocol.

UPDATE
I started to look for the bug here and I found it in my OWN HTML FILE. I literally forgot that one of my meta tags set the referrer to no-referrer, so I just replaced it with origin and then everything works fine.
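
A simplified model of the strict Referer check behind the error in the question, run against the header a browser sends under several referrer policies. It is an added example, not the poster's code or Django's own; the function names and the sample login URL are assumptions, and it models only the Referer path (no Origin header evaluation).

```python
from urllib.parse import urlsplit

# Constructed sample URL on the host from the question's Apache config.
PAGE_URL = "https://www.myapp.ml/login/"
NO_REFERER = "Referer checking failed - no Referer."  # message quoted in the question


def referer_sent(policy, page_url=PAGE_URL):
    """Referer a browser attaches to a same-origin HTTPS form POST under `policy`."""
    parts = urlsplit(page_url)
    if policy == "no-referrer":
        return None  # header is omitted entirely
    if policy in ("origin", "strict-origin"):
        return f"{parts.scheme}://{parts.netloc}/"  # origin only, path stripped
    return page_url  # remaining policies send the full URL to the same origin


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern


def check_referer(referer, request_host, trusted=()):
    """Return None if the request passes, otherwise the rejection reason."""
    if referer is None:
        return NO_REFERER
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return "rejected: malformed Referer"      # model wording
    if parts.scheme != "https":
        return "rejected: Referer is not HTTPS"   # model wording
    host = parts.netloc.lower()
    if any(is_same_domain(host, p) for p in (request_host, *trusted)):
        return None
    return f"rejected: {host} is not a trusted host"  # model wording


if __name__ == "__main__":
    for policy in ("no-referrer", "origin", "strict-origin-when-cross-origin"):
        verdict = check_referer(referer_sent(policy), "www.myapp.ml")
        print(f"{policy:32} -> {verdict or 'accepted'}")
```

The `origin` policy passes because the check compares only scheme and host, so the path that policy strips is never needed.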
