允许CSRF_TRUSTED_ORIGIN DJANGO中的所有IP

发布于 2025-01-31 01:20:42 字数 475 浏览 3 评论 0原文

如何允许Django的CSRF_TRUSTED_ORIGIN中的所有IP 后端Django restapi正在运行，前端在一个系统中处于Angular，我们正在尝试在另一个系统中使用系统IP访问，我能够访问前端，而在访问后端post方法API不起作用的同时，它在CSRF Trust的起源中找不到它。在设置中。我使我变得动态IP。

import socket
def get_ipaddress(): 
    
   host_name = socket.gethostname()
   ip_address = socket.gethostbyname(host_name) 
   return "http://"+ip_address+":4200"

ALLOWED_HOSTS=["*"]
CSRF_TRUSTED_ORIGINS=[get_ipaddress()]

试图使用CSRF_EXCEMPT，但它不起作用。 django4.0.1的版本，角16

原文

How to allows all/ any ips in CSRF_TRUSTED_ORIGIN of django
Backend django restapi are running and frontend is on angular in one system and we are trying to access with system ip in another system, i am able to access frontend and while accessing backend POST method API's are not working it's showing not found in csrf trusted origins.
In settings.py i made get dynamic ips.

import socket
def get_ipaddress(): 
    
   host_name = socket.gethostname()
   ip_address = socket.gethostbyname(host_name) 
   return "http://"+ip_address+":4200"

ALLOWED_HOSTS=["*"]
CSRF_TRUSTED_ORIGINS=[get_ipaddress()]

Tried to use csrf_excempt , but it's not working.
Version of django4.0.1,
Angular 16

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

堇年纸鸢 2025-02-07 01:20:42

对于CSRF，您只需要白名单/允许托管Angular应用程序的服务器的IP即可。在运行Angular应用程序时，您应该在浏览器中访问Angular App的URL。
例如：“ http：// localhost：4200”或http://192.168.1.1.1.1：4200。或https://whateveryourwebappurlis.com。

这是您用来将应用程序加载到浏览器中的URL。您需要将其关注。


CSRF_TRUSTED_ORIGINS=["http://localhost:4200", "https://whateveryourwebappis.com"]

确保您将其传递给您的请求的原始标题到Django应用程序。
阅读更多信息： https://djangoproject.com /en/4.0/ref/settings/#csrf-trusted-origins
如果您还没有将方法和标头列为白色，请在您的设置中也这样做。

CORS_ALLOW_ALL_ORIGINS=False

CSRF_TRUSTED_ORIGINS = [
    "http://yourwhitelistedip.com",
]

CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]

CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
]

For CSRF you need only to whitelist/allow the IP of the server where your angular app is hosted. While you are running angular app you should whitelist the url you access your angular app in browser
e.g: "http://localhost:4200" or http://192.168.1.1:4200. or https://whateveryourwebappurlis.com.

This is the URL you use to load the app in browser. You need to whitelist this.


CSRF_TRUSTED_ORIGINS=["http://localhost:4200", "https://whateveryourwebappis.com"]

Make sure that you are passing this is in the origin header of your request to django app.
Read more at: https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins
In case you already haven't whitelisted the methods and headers, please do that as well in your settings.

CORS_ALLOW_ALL_ORIGINS=False

CSRF_TRUSTED_ORIGINS = [
    "http://yourwhitelistedip.com",
]

CORS_ALLOW_METHODS = [
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
]

CORS_ALLOW_HEADERS = [
    'accept',
    'accept-encoding',
    'authorization',
    'content-type',
    'dnt',
    'origin',
    'user-agent',
    'x-csrftoken',
    'x-requested-with',
]

回复收藏 0 原文