I'm trying to set up a Django site to work over HTTPS with CSRF protection. It runs on an nginx server.
nginx works over HTTPS and my Django app successfully serves GET requests. When I try to make a POST request, it fails with:
Forbidden (403)
CSRF verification failed. Request aborted.
CSRF cookie not set.
I set
fastcgi_param HTTPS on;
in settings.py
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
but with no results. Any ideas?
UPDATE! Now I am trying to run my Django app over HTTP with nginx and I have the same problem, so HTTPS does not make a difference. How can I get it to work with nginx over HTTP and use CSRF protection?
UPDATE! AND SOLUTION! ensure_csrf_cookie is a decorator that forces sending the CSRF token to the requested page. It helps me because my app works mostly with AJAX POST and GET, which don't use the tags.
I believe you need either the csrf tag inside your html template,
<form action="" method="post">{% csrf_token %}
or a decorator above your view method ...
from django.views.decorators.csrf import csrf_protect
@csrf_protect
def my_view(request):
    ...  # view body goes here
Read here: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/
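The client side of the ensure_csrf_cookie approach for AJAX requests, as an added example that is not part of the original question or answer. It assumes Django's default cookie name (csrftoken) and header name (X-CSRFToken); the function names and the sample cookie string are made up for illustration.

```javascript
// Added example: client side of Django's cookie-based CSRF check.
// Assumes Django defaults: cookie "csrftoken" (CSRF_COOKIE_NAME) and
// header "X-CSRFToken" (CSRF_HEADER_NAME). Function names are hypothetical.
const CSRF_COOKIE = "csrftoken";
const CSRF_HEADER = "X-CSRFToken";

// Methods Django's CSRF middleware does not check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Build the init object for fetch(url, init). Unsafe methods get the token
// header; a missing cookie fails early instead of producing a 403.
function csrfFetchInit(method, body, cookieString) {
  const verb = method.toUpperCase();
  const init = { method: verb, credentials: "same-origin", headers: {} };
  if (body !== undefined) {
    init.headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  if (SAFE_METHODS.has(verb)) return init;
  const token = getCookie(cookieString, CSRF_COOKIE);
  if (!token) {
    throw new Error(
      "csrftoken cookie missing: load a view wrapped in ensure_csrf_cookie first"
    );
  }
  init.headers[CSRF_HEADER] = token;
  return init;
}

// Browser usage: fetch("/api/items/", csrfFetchInit("POST", {a: 1}, document.cookie));
// Constructed sample cookie string, not taken from a real session.
const SAMPLE_COOKIES = "sessionid=abc123; csrftoken=Zm9vYmFy0123456789";
```

The script can only read the cookie if CSRF_COOKIE_HTTPONLY is left at its default of False. With CSRF_COOKIE_SECURE = True the browser sends the cookie only over HTTPS, so the same page served over plain HTTP will still report a missing CSRF cookie.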