How to access a website deployed on heroku from an iframe? - django

I created a website in Django that I deployed on heroku. It contains the following line in its settings.py file:
ALLOWED_HOSTS = ['*']
This means that it allows connection with any domain name. But when I try to access a site from an iframe on an html page from my localhost, I get the following error when loading my webpage:
gkwhelps.herokuapp.com refused the connection.
Here is the code of my iframe:
<Iframe src="https://gkwhelps.herokuapp.com"
width="450px"
height="450px"
/>
I don't know why this happens, because I authorized access to all hosts before deploying on Heroku. I don't know if Heroku has a policy about this which conditions the access to other hosts, or if the error comes from elsewhere. Thanks!

If you look at the headers of your Heroku app, you will see the following:
X-Frame-Options: DENY
This means that Heroku refuses to accept iframe connections - hence the error you have received.

Related

Can a localhost address be allowed to load a site in an iframe from the csp header?

I would like to know if it is possible to allow localhost to make changes to a specific site by setting it in the csp header in the settings.py file of the Django project. For my part, I am trying to load my Django site in an iframe present on a page at the following address http://localhost:3000/searchEngine. So I inserted this in my settings.py file:
CSP_FRAME_ANCESTORS = ("'self'", 'localhost:*')
This is taken into account, but still does not allow localhost to load the site in the iframe and I get the following error, when I try to load this site in the iframe:
Refused to frame 'https://gkwhelps.herokuapp.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' localhost:*".
I don't know why, since I did not make any syntax errors. So I wonder if django-csp takes localhost into account. I would like to allow my site to load in an iframe from any port on my localhost.
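The two header checks seen above (the `X-Frame-Options: DENY` answer and the `frame-ancestors` policy in this question), as an added example that is not part of either post. It is a simplified model of CSP Level 3 source matching that handles only `'self'`, `*` and host sources; the function names are hypothetical and the inputs are constructed from the URLs on this page.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_tuple(url):
    # (scheme, host, port) with the scheme's default port filled in
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)

def scheme_ok(policy_scheme, url_scheme):
    # CSP scheme matching: exact, or an http source also covers https
    return policy_scheme == url_scheme or (policy_scheme, url_scheme) == ("http", "https")

def source_matches(source, ancestor, self_origin):
    """Match one frame-ancestors source against the parent page's origin."""
    a_scheme, a_host, a_port = origin_tuple(ancestor)
    if source == "'self'":
        return origin_tuple(ancestor) == origin_tuple(self_origin)
    if source == "*":
        return a_scheme in DEFAULT_PORTS
    scheme, _, rest = source.rpartition("://")
    host, _, port = rest.lower().partition(":")
    # A source with no scheme inherits the scheme of the framed (protected) page
    if not scheme_ok(scheme.lower() or origin_tuple(self_origin)[0], a_scheme):
        return False
    if not (a_host.endswith(host[1:]) if host.startswith("*.") else host == a_host):
        return False
    return port == "*" or a_port == (int(port) if port else DEFAULT_PORTS.get(a_scheme))

def framing_allowed(headers, ancestor, self_origin):
    """Only the immediate parent is checked; browsers check every ancestor."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            # When present, frame-ancestors takes precedence over X-Frame-Options
            return any(source_matches(s, ancestor, self_origin) for s in tokens[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return origin_tuple(ancestor) == origin_tuple(self_origin)
    return True

# Constructed inputs mirroring the page: the framed site and the local parent page
SITE, PARENT = "https://gkwhelps.herokuapp.com", "http://localhost:3000"
if __name__ == "__main__":
    for csp in ("frame-ancestors 'self' localhost:*", "frame-ancestors 'self' http://localhost:*"):
        print(csp, "->", framing_allowed({"Content-Security-Policy": csp}, PARENT, SITE))
```

Because the framed site is served over HTTPS, the schemeless source `localhost:*` only covers `https://localhost:<port>`; a parent page on `http://localhost:3000` needs the scheme spelled out, as in `http://localhost:*`.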

Why do I get error 404 in the LiteSpeed admin console?

I am getting error 404 while saving a realm or changing the URI in virtual host > wordpress in the LiteSpeed admin console on a DigitalOcean droplet. Can anyone say why this is happening? Because of it I am not able to change the URL of phpMyAdmin, create realms and do other things.
I am trying to secure phpMyAdmin, but this error doesn't let me do it.

The page at https://lyrics-chords.herokuapp.com/ was not allowed to display insecure content from http://localhost:8000/auth/user

I've just finished creating a Django-React app and have pushed the changes to Heroku. The frontend (JS and CSS) appears on the website with no problem, but requests to the backend result in the following error:
[blocked] The page at https://lyrics-chords.herokuapp.com/ was not allowed to display insecure content from http://localhost:8000/auth/user
I've consulted the Internet but no one seems to be getting the same error message. Consulting a friend, it seems as if I have to https secure my backend, and further researching the subject, it seems that there is no free way to upload an SSL/TLS certificate (reference: heroku: set SSL certificates on Free Plan?). Is there a solution to this?
Silly me, really. Turns out, localhost:8000 refers to the computer of the user. https://lyrics-chords.herokuapp.com/ is the server for both the backend and frontend, so updating the backend end URL calls sufficed.

CSRF Fails after setting up Django app on Apache

After creating an app in Django and ensuring that everything works, I tried to serve my app on a remote server. The stack over there is Apache with mod-wsgi-py3. After setting up Apache with the documentation provided by mod_wsgi, I am having problems with mod-wsgi.
To make sure that I don't have any problem with my app, I checked on the standard admin page in Django. The only open domain from that server to access is 'https://app.web.corpnet.pl:15003/app/', so all my URIs use this as a root.
I think that the problem is either in the Django settings (allowed hosts?) or the Apache conf, so I'm pasting these:
ALLOWED_HOSTS = ['localhost', 'app.tnweb.corpnet.pl',
'app.tnweb.corpnet.pl:15003', 'app.corpnet.pl', 'corpnet.pl']
Problem is described by django debug as:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
Referer checking failed - https://app.tnweb.corpnet.pl:15003/app/admin/login/?next=/app/admin/ does not match any trusted origin
Try declaring a SECRET_KEY:
app.config['SECRET_KEY'] = 'aSecretAndComplexString'
Usually the CSRF verification method fails if no secret key is declared.

<cfajaxproxy> Locked-Down production Lucee

I am setting up a production Lucee box and having issues locating the ajax library on the Lucee server. My browser is unable to find the ajax library and shows a 404 error.
I am not sure whether this is because of a firewall or a Lucee server configuration issue.
My development and staging servers are working fine; I am only having the issue on the production server.
Request URL: https://example.com/mapping-tag/lucee/core/ajax/JSLoader.cfc?method=get&lib=LuceeAjax
Request Method: GET
Status Code: 404
Remote Address: 201.10.26.29:443
Referrer Policy: no-referrer-when-downgrade
Please advise.
With an Adobe CF server, the JS files related to cfajaxproxy are in the /CFIDE/scripts/ folder. The /CFIDE/ folder is removed from public access when the server is locked down. To allow access to the JS files for the UI and ajax tags, you can specify an alias in CF Admin for that folder.
For example, /cfjs would map to /CFIDE/scripts in CF Admin, so CF will generate that path for cfajaxproxy use. You'd have to create this folder alias in IIS or whatever web server you're using.
If on Lucee, the folder /lucee/core/ is blocked when locked down, there should be a similar solution for that engine.