原始错误是:
[Sat Apr 27 13:52:46.386072 2019] [wsgi:error] [pid 15601:tid 140129939744512] [remote <ip-address-removed>] Forbidden (CSRF cookie not set.): /login/
使用Django默认登录视图的应用程序。
from .forms import UserLoginForm
path('login/', authviews.LoginView.as_view(authentication_form=UserLoginForm))
登录视图的形式:
<form action="" method="post">
{% csrf_token %}
<div class="form-group has-feedback">
{{ form.username}}
</div>
<div class="form-group has-feedback">
{{ form.password}}
</div>
<div class="row">
<div class="col-8">
</div>
<!-- /.col -->
<div class="col-4">
<button type="submit" class="btn btn-primary btn-block btn-flat">Sign In</button>
</div>
<!-- /.col -->
</div>
</form>
Apache虚拟主机conf文件:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName foo.example.edu.tr
ServerAdmin foo@example.edu.tr
DocumentRoot /home/<removed>/projects/abcpweb/production/ABCPWeb/webapp
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# WSGI configurations
Alias /media/ /home/<removed>/projects/abcpweb/production/ABCPWeb/media/
Alias /static/ /home/<removed>/projects/abcpweb/production/ABCPWeb/webapp/static/
<Directory /home/<removed>/projects/abcpweb/production/ABCPWeb/webapp/static>
Require all granted
</Directory>
<Directory /home/<removed>/projects/abcpweb/production/ABCPWeb/media>
Require all granted
</Directory>
WSGIDaemonProcess abcpweb python-home=/home/<removed>/projects/abcpweb/production/EnvABCPWebProd python-path=/home/<removed>/projects/abcpweb/product
ion/ABCPWeb:/home/<removed>/projects/abcpweb/production/EnvABCPWebProd/lib/python3.6/site-packages
WSGIProcessGroup abcpweb
WSGIScriptAlias / /home/<removed>/projects/abcpweb/production/ABCPWeb/ABCPWeb/wsgi.py process-group=abcpweb
WSGIPassAuthorization On
<Directory /home/<removed>/projects/abcpweb/production/ABCPWeb/ABCPWeb>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
</VirtualHost>
</IfModule>
wsgi.py文件(我没有删除注释以显示我之前尝试过的内容):
import os, sys, django
sys.path.append('/home/<removed>/projects/abcpweb/production/ABCPWeb')
sys.path.append('/home/<removed>/projects/abcpweb/production/EnvABCPWebProd/lib/python3.6/site-packages')
from django.core.wsgi import get_wsgi_application
from django.core.handlers.wsgi import WSGIHandler
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "ABCPWeb.settings")
#django.setup(set_prefix=False)
#from django.core.handlers.wsgi import WSGIHandler
#application = WSGIHandler()
application = get_wsgi_application()
最后,是settings.py的相关部分:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'api',
'webapp',
'django_celery_results',
'jsonify',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
#CSRF_COOKIE_SECURE = False
#SESSION_COOKIE_SECURE = False
#SECURE_SSL_REDIRECT = True
CSRF_COOKIE_DOMAIN = '.example.edu.tr'
SESSION_COOKIE_DOMAIN = '.example.edu.tr'
CSRF_TRUSTED_ORIGINS = ['foo.example.edu.tr', '.example.edu.tr']
ROOT_URLCONF = 'ABCPWeb.urls'
WSGI_APPLICATION = 'ABCPWeb.wsgi.application'
我阅读了有关Stackoverflow和其他相关平台中的错误的所有问题,但我无法解决。我正在为此工作大约6个小时,但是我不知道错误的发生。
这些链接包含我尝试过的可能解决方案:
项目正在本地运行,没有错误。它发生在部署阶段。因此,我认为这与HTTPS或子域配置(wsgi,apache)有关。
更新:我已经解决了以下问题(在下面共享),用于将嵌入式模式限制为apache2.conf文件:
WSGIRestrictEmbedded On