
Django webapp not working on iPad (csrf_token) and IE (CORS) error

Sorry, I know this is kind of 2 questions in one, but there may be a resource out there that can fix both my problems. I have a webapp that I have created with Django that I am loading into an iframe of a WordPress site that I have started testing.

At the moment it works as designed on Google Chrome, my Android phone, and iPhones. However, I am having a CSRF token issue when I 'POST' from the iframe, only when using an iPad.

I am also not able to load in Internet Explorer, getting a CORS error after going through the "django-cors-headers" documentation.

I have both X-Frame-Options and the CORS whitelist allowing the site to host the iframe.

I am lost as to why the app can work fine in a couple of settings and not in others - or if the errors may just be due to individualized settings on the devices I am testing on. If anyone can help in any way it would be greatly appreciated!

You could refer to this thread, checking if you have followed all the steps of using the django-cors-headers library. Please also check the Django version you use; the library doesn't support Django version < 1.11. And in this thread, it shows that CORS_ORIGIN_WHITELIST works fine as a string but not as a tuple. Please confirm that you have used the right form.

For the CORS error in IE, the server must attach the following headers to all responses; you could check this article for more information. You could also refer to this blog, which provides another way to handle the CORS issue in IE.

Access-Control-Allow-Origin: http://example.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
Access-Control-Allow-Headers: Overwrite, Destination, Content-Type, Depth, User-Agent, Translate, Range, Content-Range, Timeout, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control, Location, Lock-Token, If
Access-Control-Expose-Headers: DAV, content-length, Allow
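
An added example, not part of the original answer and not django-cors-headers code: a minimal standard-library WSGI middleware that attaches the headers above only when the request's Origin is on an allowlist. `ALLOWED_ORIGINS`, the shortened method and header lists, `demo_app` and `call` are assumptions made for illustration.

```python
# Assumed values for illustration; replace with the site that hosts the iframe.
ALLOWED_ORIGINS = {"http://example.com"}
ALLOWED_METHODS = "GET, HEAD, OPTIONS, POST"
# X-CSRFToken is the header Django reads the CSRF token from by default.
ALLOWED_HEADERS = "Content-Type, X-Requested-With, X-CSRFToken"

def cors_headers(origin):
    """Return CORS response headers for this Origin, or [] if it is not allowlisted."""
    if origin not in ALLOWED_ORIGINS:
        return []
    return [
        # With credentials the exact origin must be echoed; browsers reject "*".
        ("Access-Control-Allow-Origin", origin),
        ("Access-Control-Allow-Credentials", "true"),
        ("Access-Control-Allow-Methods", ALLOWED_METHODS),
        ("Access-Control-Allow-Headers", ALLOWED_HEADERS),
        # Keep caches from serving one origin's response to another origin.
        ("Vary", "Origin"),
    ]

class CorsMiddleware:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        extra = cors_headers(environ.get("HTTP_ORIGIN"))
        # A preflight is an OPTIONS request carrying Access-Control-Request-Method.
        if (environ["REQUEST_METHOD"] == "OPTIONS"
                and environ.get("HTTP_ACCESS_CONTROL_REQUEST_METHOD")):
            start_response("204 No Content", extra + [("Content-Length", "0")])
            return [b""]
        def patched(status, headers, exc_info=None):
            return start_response(status, list(headers) + extra, exc_info)
        return self.app(environ, patched)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]

def call(origin, method="GET", preflight=False):
    """Send one constructed request through the middleware; return (status, headers)."""
    environ = {"REQUEST_METHOD": method, "HTTP_ORIGIN": origin}
    if preflight:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = "POST"
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(CorsMiddleware(demo_app)(environ, start_response))
    return seen["status"], seen["headers"]
```
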
