
Django Admin Login 403 Forbidden (CSRF cookie not set.)

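I am trying to log in to the admin panel, but I get a 403 Forbidden error. Last week there was no error. I have not changed anything. I have tried almost all the solutions to the same problem on StackOverflow. Please help me! Thanks for reading. I apologize for my poor English.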

System

Ubuntu 16.04
Python 3.5
Django 2.0
Gunicorn
Nginx
iRedMail

Django debug log

Exception while resolving variable 'is_popup' in template 'admin/login.html'.
Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 829, in _resolve_lookup
    current = current[bit]
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/context.py", line 83, in __getitem__
    raise KeyError(key)
KeyError: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 835, in _resolve_lookup
    if isinstance(current, BaseContext) and getattr(type(current), bit):
AttributeError: type object 'RequestContext' has no attribute 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 843, in _resolve_lookup
    current = current[int(bit)]
ValueError: invalid literal for int() with base 10: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 850, in _resolve_lookup
    (bit, current))  # missing attribute
django.template.base.VariableDoesNotExist: Failed lookup for key [is_popup] in [{'False': False, 'None': None, 'True': True}, {'base_url': 'domain.com', 'DEFAULT_MESSAGE_LEVELS': {'DEBUG': 10, 'SUCCESS': 25, 'WARNING': 30, 'ERROR': 40, 'INFO': 20}, 'perms': <django.contrib.auth.context_processors.PermWrapper object at 0x7f3ea494a128>, 'messages': <django.contrib.messages.storage.fallback.FallbackStorage object at 0x7f3ea4977240>, 'request': <WSGIRequest: GET '/admin/login/?next=/admin/'>, 'user': <SimpleLazyObject: <django.contrib.auth.models.AnonymousUser object at 0x7f3ea4977278>>, 'csrf_token': <SimpleLazyObject: <function csrf.<locals>._get_val at 0x7f3ea49a2048>>, 'categories': <QuerySet [<Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>]>}, {}, {'site_url': '/', 'next': '/admin/', 'title': 'Oturum aç', 'view': <django.contrib.auth.views.LoginView object at 0x7f3ea4977320>, 'username': '', 'LANGUAGE_BIDI': False, 'site': <django.contrib.sites.requests.RequestSite object at 0x7f3ea4977630>, 'site_name': 'www.domain.com', 'LANGUAGE_CODE': 'TR', 'form': <AdminAuthenticationForm bound=False, valid=Unknown, fields=(username;password)>, 'available_apps': [], 'site_title': '', 'has_permission': False, 'app_path': '/admin/login/?next=/admin/', 'site_header': ''}]
Forbidden (CSRF cookie not set.): /admin/login/

/etc/nginx/sites-enabled/00-default.conf

#
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server {
    listen 80;
    server_name www.domain.com;

    location = /favicon.ico { access_log off; log_not_found off; }

    location /static/ {
        root /home/xxx/xxx;
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location /media/ {
        root /home/xxx/xxx;
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/xxx/xxx/domain.sock;
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Content-Type-Options nosniff;
        add_header 'Referrer-Policy' 'no-referrer';
        add_header Content-Security-Policy "default-src 'self';";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }
}

server {
    # Listen on ipv4
    listen 443;

    # Listen on ipv6.
    # Note: this setting listens on both ipv4 and ipv6 with Nginx release
    #       shipped in some Linux/BSD distributions.
    #listen [::]:80;
    server_name https://mail.domain.com;
}

Solved by modifying the settings.py file with the following lines:

CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False

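I would like to add some more information here... the documentation does not recommend turning off CSRF...

I hope it helps someone...

You can also include the following in the context_processors setting: 'django.template.context_processors.csrf',

This line should automatically include the CSRF token in the template... so it should eliminate the "CSRF cookie not set" fault...

To be honest, I have this line in my settings, but because I used the solution in the settings above and it solved my "cookie not set" problem, I cannot confirm 100% that it helps with this error... but it is another way to solve the CSRF token problem...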
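
Why the settings change above makes the error go away, as an added example that is not part of the original posts: assuming `CSRF_COOKIE_SECURE` was previously `True`, Django marks the `csrftoken` cookie `Secure`, and a client does not send a `Secure` cookie back over the plain-HTTP listener on port 80 in the nginx config. The sketch uses Python's standard `http.cookiejar` as a stand-in client; the token value, `FakeResponse`, `cookie_returned` and `csrf_verdict` are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

TOKEN = "CONSTRUCTEDTOKEN"  # constructed sample value, not a real token
SECURE = "csrftoken=%s; Path=/; SameSite=Lax; Secure" % TOKEN  # CSRF_COOKIE_SECURE = True
PLAIN = "csrftoken=%s; Path=/; SameSite=Lax" % TOKEN           # CSRF_COOKIE_SECURE = False


class FakeResponse:
    """Minimal response object: CookieJar only needs info() with the headers."""
    def __init__(self, set_cookie):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_returned(set_cookie, scheme, host="www.domain.com"):
    """Cookie header the client sends with the login POST, or None."""
    url = "%s://%s/admin/login/" % (scheme, host)
    jar = CookieJar()
    # GET of the login page: the server's Set-Cookie is stored by the client.
    jar.extract_cookies(FakeResponse(set_cookie), Request(url))
    # POST of the login form: the jar decides which cookies may go back.
    post = Request(url, data=b"username=x&password=y", method="POST")
    jar.add_cookie_header(post)
    return post.get_header("Cookie")


def csrf_verdict(cookie_header):
    """Hypothetical, simplified model of the server-side check (not Django's code)."""
    if not cookie_header or "csrftoken=" not in cookie_header:
        return "Forbidden (CSRF cookie not set.)"
    return "CSRF cookie present"


if __name__ == "__main__":
    for label, header, scheme in [("Secure cookie over HTTP", SECURE, "http"),
                                  ("Secure cookie over HTTPS", SECURE, "https"),
                                  ("Non-Secure cookie over HTTP", PLAIN, "http")]:
        print(label, "->", csrf_verdict(cookie_returned(header, scheme)))
```

The second case is the alternative to the settings change: when the admin is served over HTTPS, the `Secure` cookie is returned and never travels over plain HTTP.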
