403 for web request, 200 for browser request : Forums : PythonAnywhere

403 for web request, 200 for browser request

Hello!

I've catch a some issue in my payd accont.

http://great.new.vitosap.ru/payment_return/ is working fine if I open it with browser

But when 3rd party service is request for this page I see 403 error

5.196.121.217 - - [02/Feb/2018:14:57:45 +0000] "POST /payment_return/ HTTP/1.1" 403 1374 "-" "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0" "_._.121.217" response-time=0.013

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:05 p.m. | permalink

If you opened it in a browser, you made a get request. That log is showing a post request. You have not set your view to accept post requests.

glenn | 9718 posts | PythonAnywhere staff | Feb. 2, 2018, 3:18 p.m. | permalink

OMG! Tocken!

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:19 p.m. | permalink

Hello, glenn!

This is just test Django view

def payment_return( request ):
    from django.http import HttpResponse
        return HttpResponse( 'ok' )

What I need to do?

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:25 p.m. | permalink

I've found it in errors

2018-02-02 14:57:45,543: Forbidden (CSRF cookie not set.): /megakassa_payment_return/

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:39 p.m. | permalink

I wrote

from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def payment_return( request ):
    ...

And now

 5.196.121.217 - - [02/Feb/2018:15:42:44 +0000] "POST /payment_return/ HTTP/1.1" 200 476 "-" "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0" "_.___.121.217" response-time=0.401

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:49 p.m. | permalink

Cool

glenn | 9718 posts | PythonAnywhere staff | Feb. 2, 2018, 4:56 p.m. | permalink

i have use csrf_exempt still i get 403 error, please help me out! The request works fine in local machine but csrf verification failed in production.

harshdonga | 9 posts | Jan. 28, 2021, 8:19 a.m. | permalink

We need to know more to help you. How does your code look like?

fjl | 4599 posts | PythonAnywhere staff | Jan. 28, 2021, 9:37 a.m. | permalink