Why is Django not generating CSRF or session cookies behind a Varnish proxy?

Posted on 2024-11-08 17:28:13

Running Django 1.2.5 on a Linux server with Apache2 and for some reason Django seems like it cannot store CSRF or Session cookies. Therefore when I try to log in to the Django admin it gives me a CSRF verification error upon submitting the login form. Has anyone come up against this and found a solution?

I AM able to make a valid post when I try this at the URL of my VPS that was provided by my host. Example: vps123.hostdomain.com/admin/ and for that domain the cookies DO get set. However, when I go to www.sitedomain.com/admin/ and try to log in I get a CSRF 403 error saying the cookie is not there, and when I check in my browser's cookies they are not set.

I have tried setting the following in my settings file:

SESSION_COOKIE_DOMAIN = 'www.sitedomain.com'
CSRF_COOKIE_DOMAIN = 'www.sitedomain.com'

Also tried:

SESSION_COOKIE_DOMAIN = 'vps123.hostdomain.com'
CSRF_COOKIE_DOMAIN = 'vps123.hostdomain.com'

I have 'django.middleware.csrf.CsrfViewMiddleware' added to my MIDDLEWARE_CLASSES in settings.py and there is a CSRF token in the form and it shows up in the POST.

I have cookies enabled. I have tried this on multiple browsers and machines.

There is a Varnish proxy server sitting in front of www.sitedomain.com that I think may be part of the problem. Anyone with experience using proxy servers and Django may be able to shed some light on that.

My apache2 config:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.sitedomain.com
    ServerAlias www.sitedomain.com
    <Location "/">
        Options FollowSymLinks
        SetHandler python-program
        PythonInterpreter nzsite
        PythonHandler django.core.handlers.modpython
        PythonDebug On
        PythonPath "['/var/www/django_projects', '/var/www', '/usr/lib/python2.6/dist-packages'] + sys.path"
        SetEnv DJANGO_SETTINGS_MODULE project_one.settings
    </Location>
    <location "/phpmyadmin">
        SetHandler None
    </location>
</VirtualHost>

<VirtualHost *:80>
    ServerName othersite.sitedomain.com
    ServerAlias othersite.sitedomain.com
    <Location "/">
        Options FollowSymLinks
        SetHandler python-program
        PythonInterpreter ausite
        PythonHandler django.core.handlers.modpython
        PythonDebug On
        PythonPath "['/var/www/django_projects', '/var/www', '/usr/lib/python2.6/dist-packages'] + sys.path"
        SetEnv DJANGO_SETTINGS_MODULE project_two.settings
    </Location>
    <location "/phpmyadmin">
        SetHandler None
    </location>
</VirtualHost>

Comments (3)

捶死心动 2024-11-15 17:28:13

The problem was that I have a Varnish Proxy server in front of my site. Varnish was taking requests and stripping cookies from them. To fix this I had to have the company that is managing the Varnish Server add '/admin' to a list of exceptions so that cookies could be passed. Sorry I can't shed more light on how the Varnish process works.
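
An added example, not part of the original answer: a check that compares the headers Django sends directly with what arrives through the cache, to confirm that `Set-Cookie` is being stripped on the way. Both responses are constructed samples, and `parse_headers`, `cookie_names` and `diagnose` are hypothetical names.

```python
from email.parser import Parser
from http.cookies import SimpleCookie

# Constructed sample responses to GET /admin/ (not captured from the poster's site).
DIRECT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Vary: Cookie\r\n"
    "Set-Cookie: csrftoken=EXAMPLEcsrf; Max-Age=31449600; Path=/\r\n"
    "Set-Cookie: sessionid=EXAMPLEsession; Path=/\r\n"
    "\r\n"
)
VIA_PROXY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Varnish: 1234567\r\n"
    "Via: 1.1 varnish\r\n"
    "Age: 42\r\n"
    "\r\n"
)

DJANGO_COOKIES = {"csrftoken", "sessionid"}  # Django's default cookie names


def parse_headers(raw):
    """Return the header block of a raw HTTP response as a Message."""
    _status, _, rest = raw.partition("\r\n")
    return Parser().parsestr(rest, headersonly=True)


def cookie_names(headers):
    """Names of all cookies set by the response's Set-Cookie headers."""
    names = set()
    for value in headers.get_all("Set-Cookie", []):
        names.update(SimpleCookie(value).keys())
    return names


def diagnose(direct_raw, proxied_raw):
    """Report Django cookies present at the origin but missing via the proxy."""
    direct, proxied = parse_headers(direct_raw), parse_headers(proxied_raw)
    stripped = (cookie_names(direct) - cookie_names(proxied)) & DJANGO_COOKIES
    return {
        "stripped": sorted(stripped),
        "via_cache": "X-Varnish" in proxied or "varnish" in proxied.get("Via", "").lower(),
        "served_from_cache": int(proxied.get("Age", "0")) > 0,
    }
```

A non-empty `stripped` list together with `via_cache` points at the proxy rather than at Django's `*_COOKIE_DOMAIN` settings.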

风渺 2024-11-15 17:28:13

Are you including the {{csrf_token}} in your form template?

<form autocomplete="off" method="post" action="{% url auth_login %}">{% csrf_token %}
    {{form|as_p}}
    <input type='submit' />
</form>

And including the middleware?

    'django.middleware.csrf.CsrfViewMiddleware',

From your edit, at a guess, it might have something to do with the VirtualHost configuration in Apache (if your provider is using apache). Here is an edited version of one of my apache configurations.

<VirtualHost *:80>
ServerName www.domain.com

WSGIProcessGroup my-django-site
WSGIScriptAlias / /path-to-my-django-site/wsgi/production.wsgi
Alias /media /path-to-my-django-site/media
</VirtualHost> 

It may be the case that the server name within apache has to match the domain name you are hitting the box at, along with the *_COOKIE_DOMAIN settings in your Django configuration. I'm not sure if you'll be able to change this though. Might be worth speaking to your provider if no other answers yield a win.

宫墨修音 2024-11-15 17:28:13

Are you updating your template data with the csrf info?

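from django.core.context_processors import csrf
from django.shortcuts import render_to_response

def index(request):
    # items is assumed to be defined elsewhere in the view module
    data = {"listitems": items}
    # Add the csrf_token value to the template context
    data.update(csrf(request))

    return render_to_response('template.html', data)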