CORS origin policy blocked after enabling SSL

Time: 2019-05-26 00:06:04

Tags: python django angular ssl nginx

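I am trying to deploy an Angular-Django project on an Azure VM. It works fine without HTTPS, but I have to add FCM to the Angular project, and that requires HTTPS. Since Angular and Django both run on the same server on different ports, e.g. Angular on *:80 and Django on *:8000, I set up SSL for each of them separately. I managed to dockerize it and get it up and running. But then I noticed a very strange error on Django: to enable CORS headers I had to add more options to Django, such as SSL_SECURE_REDIRECT, CORS_ORIGIN_ALLOW_ALL, CORS_ORIGIN_WHITELIST, etc. What happens now is that when I set SSL_SECURE_REDIRECT = True, it works on Mozilla and Safari but not in Chrome, and if I change it to False, it only works in Chrome, and Safari gives a cross-origin policy error.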

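  1. proxy_pass on nginx - no luck
  2. Removed SSL_SECURE_REDIRECT - no luck
  3. Added headers - no luck
  4. Added trusted origins - good luck
  5. Reinstalled the CORSHEADERS plugin for Django
  6. Still works locally
  7. It is a product, so I cannot force users to use any particular browser
  8. Added different settings for production and local deployment - waste of time
  9. Works in Postman
  10. On Mozilla, with SSL_SECURE_REDIRECT = True, the Django static HTML cannot be accessed
  11. Tried disabling SSL on both Django and Angular - still the same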

My settings.py (note: the original domain name has been replaced with example.com, and the keys have been replaced too)



import os

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))


# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'XXX XXX XXX XXX XXX XXX XXX XXX'

# FCM: Server Key
SERVER_KEY = 'XXXXXXX'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True

ALLOWED_HOSTS = ['0.0.0.0','example.com','localhost']


# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'apis',
    'adminapis',
    'corsheaders',
    'sslserver',
]

MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'corsheaders.middleware.CorsPostCsrfMiddleware',

]

ROOT_URLCONF = 'apollo.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'apollo.wsgi.application'


# Database
# https://docs.djangoproject.com/en/2.1/ref/settings/#databases


# DATABASES = {
#     'default': {
#         'ENGINE': 'django.db.backends.mysql',
#         'OPTIONS': {
#             'read_default_file': os.path.join(BASE_DIR, 'conf.cnf'),
#         },
#     }
# }

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'apollo_connect',
        'USER': 'root',
        'PASSWORD': 'password',
        'HOST': 'db',
        'PORT': 3306,
    }
}
# Password validation
# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


# Internationalization
# https://docs.djangoproject.com/en/2.1/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True

USE_L10N = True

USE_TZ = True


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.1/howto/static-files/

# Bug here on false works on all browsers except chrome else works only in chrome
SECURE_SSL_REDIRECT = True
STATIC_URL = '/static/'
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True   
CSRF_TRUSTED_ORIGINS = [
    'example.com',
]
CORS_ORIGIN_WHITELIST = [
   "example.com",
   "example.com:443",
   "http://example.com",
   "https://example.com",
]

My Nginx conf

server {

  listen 80;
  listen   443 default_server ssl;
  sendfile on;

  default_type application/octet-stream;


  server_name example.com;
  ssl_certificate        /etc/nginx/ssl/bundle.crt;
  ssl_certificate_key    /etc/nginx/ssl/private.key;

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

  gzip on;
  gzip_http_version 1.1;
  gzip_disable      "MSIE [1-6]\.";
  gzip_min_length   1100;
  gzip_vary         on;
  gzip_proxied      expired no-cache no-store private auth;
  gzip_types        text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  gzip_comp_level   9;


  root /usr/share/nginx/html;


  location / {
    try_files $uri $uri/ /index.html =404;
  }

}

I expect it to work cross-platform.

Thanks

0 answers:

No answers
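
Added example (not part of the original question, and not the poster's code): one way to check a captured preflight (OPTIONS) response against the CORS rules a browser applies, covering the cases the settings above touch on: an HTTP-to-HTTPS 301 answering the preflight, a wildcard origin combined with credentials, and an origin that differs only in scheme. The function names, the `/api/items/` path and all sample responses are constructed for illustration.

```python
# Added example; every sample response below is constructed, not captured.
SAFELISTED = ("GET", "HEAD", "POST")

def parse_response(raw):
    """Split a raw HTTP response head into (status, lower-cased headers)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_preflight(raw, origin, method, credentials=True):
    """Return (passed, reason) for a preflight response sent to `origin`."""
    status, h = parse_response(raw)
    if not 200 <= status <= 299:
        # Redirects are not followed for a preflight, so a 301 fails here.
        return False, "status %d is not 2xx" % status
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        return False, "missing Access-Control-Allow-Origin"
    if credentials:
        if allow_origin == "*":
            return False, "wildcard origin not allowed with credentials"
        if h.get("access-control-allow-credentials") != "true":
            return False, "Access-Control-Allow-Credentials is not 'true'"
    if allow_origin not in ("*", origin):
        return False, "origin mismatch: %r" % allow_origin
    methods = h.get("access-control-allow-methods", "")
    allowed = [m.strip().upper() for m in methods.split(",")]
    m = method.upper()
    if m not in allowed and m not in SAFELISTED and (credentials or "*" not in allowed):
        return False, "method %s not allowed" % m
    return True, "ok"

REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com:8000/api/items/\r\n\r\n"
WILDCARD = "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, PUT\r\n\r\n"
GOOD = ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://example.com\r\n"
        "Access-Control-Allow-Credentials: true\r\n"
        "Access-Control-Allow-Methods: GET, PUT, DELETE\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("redirect", REDIRECT), ("wildcard", WILDCARD), ("good", GOOD)):
        print(name, check_preflight(raw, "https://example.com", "PUT"))
```

To use it on a real deployment, paste the response head returned for an OPTIONS request that carries the `Origin` and `Access-Control-Request-Method` headers the browser would send.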