2015-08-28 106 views
2

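Nginx, SSL, Django, CSRF verification failed (custom port)

I'm working on a project using Django, nginx and Gunicorn. Everything works fine except POST requests. Django raises a CSRF error. I don't know what is missing or wrong in my Django and/or nginx conf.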

EDIT: I found what was wrong. It was because of my exotic SSL port. I replaced this line in the 'location /' block:

proxy_set_header Host $host; 

with:

proxy_set_header Host localhost:8443; 

The Django error:

Forbidden (403): 
CSRF verification failed. Request aborted. 

Reason given for failure: 
Referer checking failed - https://localhost:8443/accounts/login/ does not match https://localhost/ 

Here is my nginx conf:

server { 
    listen  8880; 
    server_name localhost:8443; 

    rewrite  ^ https://$server_name$request_uri? permanent; 
} 

#Gunicorn 
upstream project { 
    server localhost:8888; 
} 

# HTTPS server 
server { 
    listen  8443 ssl default_server; 
    ssl   on; 
    server_name localhost; 

    ssl_certificate  /path/file.crt; 
    ssl_certificate_key /path/file.key; 

    #Disable SSLv3 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 

    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; 
    ssl_prefer_server_ciphers on; 
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; 


    location / { 
     proxy_pass   http://localhost:8888; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header X-Forwarded-Ssl https; 
     proxy_set_header X-Forwarded-Proto https; 
     proxy_set_header X-Forwarded-Port 8443; 
     proxy_set_header Host $host; #Replaced by proxy_set_header Host localhost:8443; 
    } 
} 

And in my settings.py:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') 
SESSION_COOKIE_SECURE = True 
CSRF_COOKIE_SECURE = True 

Please accept any answer if it solved your problem, or write your own solution as an answer and accept it. Thanks! :) – Alfabravo
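The mismatch behind the asker's EDIT, as an added example that is not part of the original post and is not Django's or nginx's own code: a simplified model of the HTTPS Referer check, showing why nginx's `$host` (host name without the port) fails on port 8443 while a Host value that keeps the port passes. The function names and the `$http_host` case are assumptions added here; the request values are constructed from the error message in the question.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) of a URL, filling in the scheme's default port."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme))


def nginx_host(host_header):
    """Model of nginx's $host: lowercased host name with the port dropped.
    Assumes a plain host name, not an IPv6 literal."""
    return host_header.split(":", 1)[0].lower()


def referer_check(referer, host_seen_by_app):
    """Simplified model of the strict Referer check applied to HTTPS POSTs.
    Returns None when the origins match, otherwise the failure reason."""
    expected = "https://%s/" % host_seen_by_app
    if origin(referer) != origin(expected):
        return "Referer checking failed - %s does not match %s" % (referer, expected)
    return None


# Constructed request, using the values from the error shown in the question.
CLIENT_HOST = "localhost:8443"  # Host header sent by the browser
REFERER = "https://localhost:8443/accounts/login/"


def evaluate():
    """Outcome of the check for three ways of setting the upstream Host header."""
    candidates = {
        "proxy_set_header Host $host;": nginx_host(CLIENT_HOST),
        "proxy_set_header Host localhost:8443;": "localhost:8443",
        # $http_host is the client's Host header verbatim (port included).
        # It is client-controlled, so the application must still validate it
        # (Django's ALLOWED_HOSTS).
        "proxy_set_header Host $http_host;": CLIENT_HOST,
    }
    return {d: referer_check(REFERER, host) for d, host in candidates.items()}


if __name__ == "__main__":
    for directive, reason in evaluate().items():
        print("%-40s %s" % (directive, reason or "OK"))
```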

Answers

0

Try adding this in your location /: proxy_pass_header X-CSRFToken;