Python Django CSRF在使用HTTPS后出现故障
我知道这个问题在这里发生过很多次。但是他们现在都没有为我工作。自从我使用apache2和LetsEncrypt将应用程序的协议更改为https以来,我一直在这个错误中挣扎。我尝试了设置中的配置,但没有解决问题Python Django CSRF在使用HTTPS后出现故障,python,django,django-rest-framework,apache2,Python,Django,Django Rest Framework,Apache2,我知道这个问题在这里发生过很多次。但是他们现在都没有为我工作。自从我使用apache2和LetsEncrypt将应用程序的协议更改为https以来,我一直在这个错误中挣扎。我尝试了设置中的配置,但没有解决问题 # settings.py CSRF_COOKIE_DOMAIN = ".myapp.ml" CSRF_COOKIE_SECURE = True CSRF_USE_SESSIONS = True SESSION_COOKIE_SECURE = True 当然,在我所
# settings.py
CSRF_COOKIE_DOMAIN = ".myapp.ml"
CSRF_COOKIE_SECURE = True
CSRF_USE_SESSIONS = True
SESSION_COOKIE_SECURE = True
{%csrf\u token%}
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName www.myapp.ml
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /app /home/app/app-src/static_root
<Directory /home/app/app-src/static_root>
Require all granted
</Directory>
Alias /media /home/app/app-src/media
<Directory /home/app/app-src/media>
Require all granted
</Directory>
<Directory /home/app/app-src/Project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIScriptAlias / /home/app/app-src/Project/wsgi.py
WSGIDaemonProcess Project python-path=/home/app/app-src python-home=/home/app/app-src/venv
WSGIProcessGroup Project
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
WSGIPassAuthorization On
SSLCertificateFile /etc/letsencrypt/live/www.myapp.ml/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.myapp.ml/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
#ServerName指令设置请求方案、主机名和端口
#服务器使用来标识自身。这在创建时使用
#重定向URL。在虚拟主机的上下文中,服务器名
#指定必须在请求的主机:标头中显示的主机名
#匹配此虚拟主机。对于默认虚拟主机(此文件),此
#该值不是决定性的,因为它被用作最后的宿主。
#但是,必须为任何其他虚拟主机显式设置它。
服务器名www.myapp.ml
服务器管理员webmaster@localhost
DocumentRoot/var/www/html
#可用日志级别:trace8、…、trace1、调试、信息、通知、警告、,
#错误、暴击、警报、紧急情况。
#还可以为特定应用程序配置日志级别
#模块,例如。
#日志级别信息ssl:警告
ErrorLog${APACHE_LOG_DIR}/error.LOG
CustomLog${APACHE\u LOG\u DIR}/access.LOG组合
别名/app/home/app/app src/static\u root
要求所有授权
别名/media/home/app/app src/media
要求所有授权
要求所有授权
WSGIScriptAlias//home/app/app src/Project/wsgi.py
WSGIDaemonProcess项目python path=/home/app/app src python home=/home/app/app src/venv
WSGIProcessGroup项目
#对于conf/available/中的大多数配置文件
#在全局级别启用或禁用,可以
#仅包含一个特定虚拟主机的行。例如
#以下行仅为此主机启用CGI配置
#在使用“A2F”全局禁用后。
#包括conf available/service-cgi-bin.conf
WSGIPassAuthorization On
SSLCertificateFile/etc/letsencrypt/live/www.myapp.ml/fullchain.pem
SSLCertificateKeyFile/etc/letsencrypt/live/www.myapp.ml/privkey.pem
Include/etc/letsencrypt/options-ssl-apache.conf
注意:这仅在我使用HTTPS协议时才会发生。更新
我开始在这里找到bug,我在自己的HTML文件中找到了它!我真的忘记了我的一个meta标签将referer设置为no referer,所以我只是用origin替换它,然后一切正常