Django CSRF for both HTTP and HTTPS


Problem description





I have a blog that runs behind both HTTP and HTTPS and am running into issues with the csrf token verification.

The CSRF token is available in each form as it should be, but when I'm on the HTTP version of the site and try to commit a comment I get the following error.

Forbidden (403) CSRF verification failed. Request aborted.

Referer checking failed - http://mysite.com/blog/1/ does not match https://mysite.com/.

It works fine when viewing the blog via HTTPS.

Anyone know how to get the verification to match both?

Solution

I figured it out. It was an issue with my fastcgi parameters

fastcgi_param HTTPS on;

setting an environ variable that required HTTPS to be on. Django does some extra enforcement for the csrf tokens when this variable is on.
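
The behaviour described in the answer, as an added example that is not part of the original post and is not Django's own code: a simplified model of the strict Referer check that applies only when the request is reported as HTTPS. The function names and the sample request are hypothetical and constructed for illustration; it assumes the FastCGI layer treats `HTTPS=on` as "this request arrived over TLS".

```python
from urllib.parse import urlsplit

def is_secure(environ):
    # Assumption: the server-side layer reports HTTPS when the HTTPS param is "on".
    return environ.get("HTTPS") == "on"

def same_origin(a, b):
    # Two URLs share an origin when scheme, host and port all match.
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.hostname, pa.port) == (pb.scheme, pb.hostname, pb.port)

def csrf_referer_check(environ):
    """Return None when the request passes, else the rejection reason."""
    if not is_secure(environ):
        return None  # the strict Referer check only runs for HTTPS requests
    referer = environ.get("HTTP_REFERER")
    if referer is None:
        return "Referer checking failed - no Referer."
    good_referer = "https://%s/" % environ["HTTP_HOST"]
    if not same_origin(referer, good_referer):
        return "Referer checking failed - %s does not match %s." % (referer, good_referer)
    return None

def environ_for(scheme, https_param):
    # Constructed sample: a comment POST sent from the blog page on mysite.com.
    env = {"HTTP_HOST": "mysite.com",
           "HTTP_REFERER": "%s://mysite.com/blog/1/" % scheme}
    if https_param:
        env["HTTPS"] = https_param
    return env

if __name__ == "__main__":
    # Plain-HTTP visitor while the server hard-codes `fastcgi_param HTTPS on;`
    print(csrf_referer_check(environ_for("http", "on")))
    # Same visitor when the HTTPS param is only sent for real TLS connections
    print(csrf_referer_check(environ_for("http", None)))
    # TLS visitor, HTTPS param on, https:// Referer
    print(csrf_referer_check(environ_for("https", "on")))
```

The first case reproduces the 403 reason from the question; the other two pass. The param has to reflect the actual connection rather than be switched on for every request, for example by passing nginx's `$https` variable with `if_not_empty` instead of a literal `on`.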
