
Django 403 error

Newbie here, I have this app on PA. Everything works as expected when debug is set to True. But when I set Debug to False to go into production, every POST request gives a "Forbidden (403) CSRF verification failed. Request aborted." Also, media files are not accessible through templates. What am I doing wrong?

I suspect you need to set the ALLOWED_HOSTS parameter in your settings.py. It's a list of the hostnames you expect your app to be accessed using, eg:

ALLOWED_HOSTS = ["www.mydomain.com"]

It's ignored in DEBUG = True mode, but when DEBUG = False, any request that hits your website that doesn't use a hostname in that list gets 403ed. And the list is empty by default.
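To make the ALLOWED_HOSTS behaviour concrete, here is an added example (not code from the thread or from Django itself) that reimplements, offline and without importing Django, the way Django matches the incoming Host header against that list: exact names, the "*" wildcard, and a leading "." for a domain plus all its subdomains. The hostnames used are the ones from this thread or constructed samples.

```python
# Added example: a self-contained model of Django's ALLOWED_HOSTS matching
# (modelled on django.http.request.validate_host / is_same_domain). Django is
# not imported, so this runs stand-alone. Hostnames below are sample values.

DEBUG_FALLBACK_HOSTS = [".localhost", "127.0.0.1", "[::1]"]  # what Django uses when DEBUG=True and the list is empty


def split_host_port(host_header: str) -> str:
    """Lower-case the Host header and strip an optional port; keep IPv6 brackets intact."""
    host_header = host_header.strip().lower()
    if host_header.startswith("["):
        # Bracketed IPv6 literal such as "[::1]:8000" -> "[::1]"
        return host_header.split("]")[0] + "]"
    return host_header.split(":")[0]


def host_matches(host: str, pattern: str) -> bool:
    """Return True if a single ALLOWED_HOSTS entry matches the host."""
    pattern = pattern.lower()
    if pattern == "*":
        return True  # wildcard: every Host header is accepted
    if pattern.startswith("."):
        # ".mydomain.com" matches "mydomain.com" and any subdomain of it
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def request_allowed(host_header: str, allowed_hosts: list[str], debug: bool) -> bool:
    """Decide whether Django would accept the request for this Host header."""
    host = split_host_port(host_header)
    if debug and not allowed_hosts:
        # Development convenience: with DEBUG=True and no list, only local names pass.
        allowed_hosts = DEBUG_FALLBACK_HOSTS
    # With DEBUG=False and an empty list, nothing matches and every request is rejected.
    return any(host_matches(host, pattern) for pattern in allowed_hosts)


def uses_wildcard(allowed_hosts: list[str]) -> bool:
    """Flag the "*" entry: it switches Host header validation off entirely."""
    return any(pattern == "*" for pattern in allowed_hosts)


if __name__ == "__main__":
    for header, hosts, debug in [
        ("www.mydomain.com:443", ["www.mydomain.com"], False),
        ("www.mydomain.com", [], False),
        ("localhost:8000", [], True),
    ]:
        print(header, hosts, "DEBUG" if debug else "prod", "->", request_allowed(header, hosts, debug))
```

Running it shows why the empty default rejects everything once DEBUG is False, and why "*" makes the 403 go away at the cost of accepting any Host header.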

Yes, I did set the allowed host to my domain. Maybe you could take a look at the file if you could. It's loverspub. I even went as far as setting the allowed domain to the wildcard.

ALLOWED_HOSTS = ["*"].

Also, could you walk me through how to serve media files in production?

Ah, sorry, I read your original post too quickly and missed the "every post request" bit.

I see that you've got the hidden csrfmiddlewaretoken input there, so that should work. Hmm -- hang on, when I did my first attempt to access a POST view on your site, I got the error, but it's suddenly started working -- did you change something?

It looks like your media files are being served up correctly -- you're using the "Static files" table, which is the right way. Do you have an example of a media file that's failing to load? Or, perhaps, have you fixed that part of it since you posted your last message?

Nope. That happens to me too. Sometimes it works and sometimes it just doesn't work. I haven't fixed a thing there yet. When I make a POST request through the Bootstrap modal, it works perfectly. However, when I use template requests, it doesn't. And then sometimes it just works and then stops the next moment.

Oh, about the media files, it's a user uploaded file. Users of the site are supposed to upload their pictures, which works correctly in development, as with the POST requests. It all fails when I turn off debug. I was wondering if it has to do with the part of my urls.py or how I served media files.

Re: the media files -- so long as they're specified correctly in the static files table, it should all work. Can you give me a URL of one that fails?

Re: the CSRF error -- I see that there's an error "Bootstrap's JavaScript requires jQuery" when you load the page. Might that be interfering with your CSRF tokens somehow? I'm not sure how it might, but in general when weird stuff is happening it's good to make sure there are no errors, no matter how unrelated they might seem.

Alright, but you have to log in. Use dmdolls@gmail.com as username and dola as password. Your login would only work from the home page of the site www.loverspub.com. Then go to www.loverspub.com/profile. It's fine, it's a test account.

I see that "Bootstrap requires jQuery" error. How to fix that I'm not sure, but I figure it has to do with the bootstrap.js.min I have in my static folder. I have tried to fix that and got more errors, so I simply left it since it does not interfere, or so I thought.

I get "wrong email address" when I try to log in with those credentials.

Oh sorry... geraldsmiles@gmail.com and password is test

So the image in the centre of that page is being accessed from /media/media/No.jpg.

I can see that you've specified /media as routing to home/gerald/loverspub/media on the "Web" tab. There should be a / before that directory name, but if you add that then a request for /media/media/No.jpg will go to /home/gerald/loverspub/media/media/media/No.jpg, which I suspect has at least one too many medias in it.

Yes. It has other folders depending on where the image. I've applied the fix you suggested and it works. Thanks.

But now the forbidden error 403 persists and that would not allow pictures to change or any other post operations.

OK, now the posts work once the user is logged in.

However, when a non-authenticated user accesses a page and gets served the login template, the login throws a 403 Forbidden exception. I have request context in the views.py also.

I think it's definitely worth tracking down and fixing that jQuery error. It's possible that it's somehow trashing the CSRF tokens on some of your hidden inputs.

Alright. I will set about fixing the jQuery thing and I will let you know if it fixes it or not. Either way, thanks a lot, you've been a great help.

Let me know if it doesn't fix it :-)

Hello, I did fix the jQuery error but the 403 error persists. It's only when the user is not authenticated and gets redirected to the login page that this error comes up.... Weird.

Very weird. Are you doing anything with session management/cookies in your views?

No. I purposefully avoided using sessions or cookies on the site because of a problem I once ran into with sessions while I was working on a different. Although I'm thinking I should really use it because I have this Ajax request that runs every 5 seconds on the site and I think it's costly to do a database operation that frequently. Any idea what I can do about this?

But at the moment, no, there's no session/cookies in the views.

What's the Ajax request doing, out of interest? I wonder if it could be interfering with the session in some way...?

The Ajax request checks for messages when the user is logged in. In views.py, the function name is ruff.

I wonder (wild speculation here) if it's somehow changing the session data (and thus the CSRF token) inadvertently when you call it? Try switching it off temporarily and see if the CSRF error goes away. If it does, perhaps you should only have it enabled when the user is logged in?

So I turned off the Ajax and the problem did not go away, so now the Ajax does not run when the user is not authenticated. But the 403 error persists.

Lol, it's fixed now. Well, I hope so. It just simply started working, or more like it stopped throwing the exception. Well, for now, whew.

BTW, just to clarify, you'd have to restart the webapp after turning on/off Ajax to run the new code.

IDK, I think I did restart it, not sure, don't remember. But then so far so good, it works.

:)