django帖子切换到负载均衡器后收到CSRF验证失败 [英] django posts receive CSRF verification failed after switching to load balancer

问题描述

我有一个有效的登录模板，该模板上有一条帖子，看起来像:

I have a working login template that does a post and looks like:

<form action="" method="post">
            {% csrf_token %}
              <br>
                  {{form.email}}
                 

              <div class="text-center">
                <button type="submit">Login</i></button>
              </div>

            </form>

我的SSL设置如下:

SECURE_SSL_REDIRECT = False
SECURE_HSTS_SECONDS = 3600
SESSION_COOKIE_SECURE = False
SECURE_PROXY_SSL_HEADER = None
CSRF_COOKIE_SECURE = False

我做了两个更改.我切换到aws ec2弹性负载均衡器，并从https切换到http.

I made two changes. I switched to an aws ec2 elastic load balancer and from https to http.

现在我得到一个错误:

禁止(403)CSRF验证失败.请求已中止.

Forbidden (403) CSRF verification failed. Request aborted.

您正在看到此消息，因为此站点需要CSRF cookie提交表格时.出于安全原因，此Cookie是必需的，以确保您的浏览器不会被第三方劫持.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

如果您已将浏览器配置为禁用Cookie，请至少针对此网站或相同来源"的请求重新启用它们.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

有人知道为什么会这样吗?

Does anyone know why this is occurring?

推荐答案

我必须有一个过时的cookie.当我进入Chrome隐身模式时，一切正常，响应为200.

I must have a stale cookie. When I go to Chrome incognito mode, all works as would expect with a 200 response.

这篇关于django帖子切换到负载均衡器后收到CSRF验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！