Django 在本地返回 Nginx 代理后面的“CSRF 验证失败。请求中止。”
[英]Django returning "CSRF verification failed. Request aborted. " behind Nginx proxy locally
问题描述
I'm running a simple Django application without any complicated setup (most of the default, Django allauth & Django Rest Framework). 
I'm running a simple Django application without any complicated setup (most of the default, Django allauth & Django Rest Framework).
The infrastructure for running both locally and remotely is in a docker-compose file:用于本地和远程运行的基础设施位于 docker-compose 文件中:
version: "3"
services:
web:
image: web_app
build:
context: .
dockerfile: Dockerfile
command: gunicorn my_service.wsgi --reload --bind 0.0.0.0:80 --workers 3
env_file: .env
volumes:
- ./my_repo/:/app:z
depends_on:
- db
environment:
- DOCKER=1
nginx:
image: nginx_build
build:
context: nginx
dockerfile: Dockerfile
volumes:
- ./my_repo/:/app:z
ports:
- "7000:80"
... # db and so on
as you see, I'm using Gunicorn the serve the application and Nginx as a proxy (for static files and Let's Encrypt setup. The Nginx container has some customizations:如您所见,我使用 Gunicorn 为应用程序提供服务,并使用 Nginx 作为代理(用于 static 文件和 Let's Encrypt 设置。Z62E0B5B350C9E3D2C19AA801D9442BAZ 容器具有一些自定义项:
FROM nginx:1.21-alpine
RUN rm /etc/nginx/conf.d/default.conf
COPY nginx.conf /etc/nginx/conf.d
And the nginx.conf file is a reverse proxy with a static mapping: nginx.conf 文件是具有 static 映射的反向代理:
server {
listen 80;
location / {
proxy_pass http://web;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /static/ {
alias /app/my_repo/static/;
}
}
Running this on the server after setting up let's encrypt in the Nginx container works without any issue, but locally I get the "CSRF verification failed. Request aborted."设置后在服务器上运行这个让我们在 Nginx 容器中进行加密没有任何问题,但在本地我得到“CSRF 验证失败。请求中止”。 error every time I submit a form (eg create a dummy user in Django Admin).每次我提交表单时都会出错(例如,在 Django Admin 中创建一个虚拟用户)。 I exposed the web port and used it to submit the forms and it worked.我暴露了 web 端口并用它提交 forms 并且它工作。
Because of that, I deduce that there is something missing in the Nginx config or something to "tell" Django how to handle it.因此,我推断 Nginx 配置中缺少一些东西,或者“告诉”Django 如何处理它。 So, what I'm missing and how should I investigate this?那么,我错过了什么,我应该如何调查呢?
1 个解决方案
解决方案1
1 已采纳 2021-12-28 16:43:55
Since you're using a proxy that translates https requests into http, you need to configure Django to allow POST requests from a different scheme ( since Django 4.0 ) by adding this to settings.py : Since you're using a proxy that translates https requests into http, you need to configure Django to allow POST requests from a different scheme ( since Django 4.0 ) by adding this to settings.py :
CSRF_TRUSTED_ORIGINS = ["https://yourdomain.com", "https://www.yourdomain.com"]
If this does not solve your problem, you can temporarily set DEBUG = True in production and try again.如果这不能解决您的问题,您可以在生产中临时设置DEBUG = True试。 On the error page, you will see a "Reason given for failure" that you can post here.在错误页面上,您将看到可以在此处发布的“失败原因”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.