Receiving webhook over https in django development server tunneled using ngrok - django

I need to test a payment integration, where the payment service sends a webhook when payment is successful. The url for the webhook must be https://xxx-ngrock.io/paymentNotification. In this case, I cannot change the url to http. My problem is, I cannot receive this webhook because:
In development mode django does not allow traffic over https only over http
I tunnel to my development server using this command ./ngrok http https://localhost:8000 which I guess should forward the https traffic, but I have no way of testing it since the development server does not accept traffic over http in the first place.
Additional comments: currently, the ngrok forwarding maps both http and https traffic to the internal https traffic that Django does not support for its development server.
    ngrok by @inconshreveable                        (Ctrl+C to quit)

    Session Status    online
    Account           JianDk (Plan: Free)
    Version           2.3.40
    Region            United States (us)
    Web Interface     http://127.0.0.1:4040
    Forwarding        http://3304-94-147-65-45.ngrok.io -> https://localhost:8000
    Forwarding        https://3304-94-147-65-45.ngrok.io -> https://localhost:8000

    Connections       ttl     opn     rt1     rt5     p50     p90
                      7       0       0.06    0.02    0.00    0.01

    HTTP Requests
    -------------

    GET /favicon.ico
    GET /
    GET /favicon.ico
    GET /
    GET /
    GET /favicon.ico
    GET /

ngrok will provide one http and one https link for you to tunnel your dev server to.
If I have misunderstood your question, please add a comment!

Related

GET requests are regularly (every 2 s) sent on the root of my Django app when enabling SSL

I have a dockerized Django application which is working well on port 80.
Nginx is running on my server with a basic rule, catching traffic on port 80 and redirecting it to the exposed port of my app container.
Everything works fine.
Then, I enabled SSL, added a listen 443 default_server ssl; to my nginx server, but since then, my container logs are showing GET requests like this every 2 seconds:

    djangotutorial-app-1 | 2022-10-06T14:58:29.131231656Z Not Found: /
    djangotutorial-app-1 | 2022-10-06T14:58:29.133263459Z [06/Oct/2022 14:58:29] "GET / HTTP/1.0" 404 2167

(repetitions of these lines ~every 2 seconds...)
so it's "bloating" the logs. This didn't happen without SSL.
As I don't know where to search from here, because there is obviously no error message or whatever useful information, I would be glad if someone has an idea on how to debug that.

Flask redirection to https prevents http request to work [duplicate]

I'm using Flask to deliver maps designed with folium.
I'd like to add a geolocation service, and hence need to change http to https.
I've found a couple of example pages, and the https page delivery works fine.
But ... my users still try to connect through http requests, and redirection from http to https does not work.
More precisely, I've added this code to handle http to https conversion:

    from flask import redirect, request

    @app.before_request
    def before_request():
        # Runs before every request that reaches the Flask app.
        print("url", request.url)
        if request.url.startswith('http://'):
            # Rewrite the scheme and answer with a permanent redirect.
            url = request.url.replace('http://', 'https://', 1)
            code = 301
            print("url", request.url)
            return redirect(url, code=code)

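The server initialization works like this:

    import ssl

    # Server-side TLS context loaded with the certificate chain and private key.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    context.load_cert_chain('mycert.pem', 'myprivkey.pem')
    app.run(debug=False, host='0.0.0.0', port=5051, ssl_context=context)
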
The url gets printed when I call https pages, but never when I call http pages.
Any clue why the https activation prevents http from working?

Your Flask server is HTTPS only. When a browser sends an HTTP (non-secure) request but the server responds with an HTTPS-related (handshake etc.) response, then browsers like Firefox/Chrome will abort the flow and display something like:

    The connection was reset
    The connection to the server was reset while the page was loading.

Your Flask is SSL enabled; users trying with http:// will not reach the step you have provisioned to redirect them to https://.
You could put a reverse proxy listening on both HTTP (80) and HTTPS (443) ports; the HTTPS listener will forward the requests to Flask, and the HTTP listener will do the redirection to HTTPS.
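
The HTTP listener half of that suggestion, as an added example that is not part of the original answer: a plain-HTTP listener that only redirects, building the target from an allowlisted Host rather than echoing whatever the client sent. The host names, the `HTTP_PORT` value and the helper name `https_location` are assumptions; 5051 is the TLS port from the question.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions for this sketch: the site's public names, the TLS port Flask
# listens on (5051 in the question) and an unprivileged plain-HTTP port.
ALLOWED_HOSTS = {"maps.example.test", "localhost"}
HTTPS_PORT = 5051
HTTP_PORT = 8080


def https_location(host_header, path, allowed=ALLOWED_HOSTS, port=HTTPS_PORT):
    """Return the https:// URL to redirect to, or None to refuse."""
    if not host_header or not path.startswith("/"):
        return None
    if any(ch in path for ch in "\r\n"):
        return None  # never let header-splitting characters into Location
    # Drop any client-supplied port; IPv6 literals are not in the allowlist.
    host = host_header.strip().lower().partition(":")[0]
    if host not in allowed:
        return None  # a client-chosen Host must not steer the redirect
    authority = host if port == 443 else f"{host}:{port}"
    return f"https://{authority}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Speaks plain HTTP only; every request is answered with a redirect."""

    def _redirect(self):
        target = https_location(self.headers.get("Host"), self.path)
        if target is None:
            self.send_error(400, "Unknown host")
            return
        # 301 for safe methods; 308 so other methods keep verb and body.
        self.send_response(301 if self.command in ("GET", "HEAD") else 308)
        self.send_header("Location", target)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = _redirect


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", HTTP_PORT), RedirectHandler).serve_forever()
```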

Django issue with angular

I am trying to deploy my application using below tech stack:
Angular - Frontend
Django - Backend
When I try to access my app over https, the backend gives the following error:

    Not Found: /
    [05/Jul/2021 00:57:08] "GET / HTTP/1.1" 404 2356
    [05/Jul/2021 02:42:50] code 400, message Bad request version ('À\x14À')
    [05/Jul/2021 02:42:50] You're accessing the development server over HTTPS, but it only supports HTTP.

You're using the development server to host the application; this is not suggested and does not work with https, only http.
Use a production grade server like:
Apache
Nginx
Others
For more information visit the django-deployment docs
You will also need to generate and sign an https certificate; for that I would suggest using Let's Encrypt
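
This error and the Flask one further up are the same protocol mismatch seen from opposite sides, and it shows in the first bytes the client sends. The following added example (not from the original posts; the function names are assumptions) classifies those bytes, using a genuine ClientHello generated in memory and a constructed HTTP request line.

```python
import ssl

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a fresh TCP connection."""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version, 2-byte length; then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(HTTP_METHODS):
        return "http-request"
    return "unknown"


def diagnose(listener_speaks_tls: bool, data: bytes) -> str:
    """Name the mismatch between what the listener expects and what arrived."""
    kind = classify_first_bytes(data)
    if kind == "unknown":
        return "unrecognised protocol"
    if kind == "tls-client-hello" and not listener_speaks_tls:
        # The Django dev server case: binary TLS parsed as an HTTP request line.
        return "https client on an http-only port"
    if kind == "http-request" and listener_speaks_tls:
        # The Flask ssl_context case: the handshake fails before any view runs.
        return "http client on a tls-only port"
    return "ok"


def real_client_hello(server_name: str = "example.test") -> bytes:
    """Produce a genuine ClientHello in memory (no socket, no network)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for a ServerHello
    return outgoing.read()


if __name__ == "__main__":
    print(diagnose(False, real_client_hello()))          # Django dev server
    print(diagnose(True, b"GET / HTTP/1.1\r\n\r\n"))     # Flask with ssl_context
```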

Handshake error in Webservice

Our integration partner was using our Web service with http: 8090 and now we are moving to https: 8443 so they tried to update the WS URL but they are getting "handshake error". They are asking whether they can still use http 8090. If we route any traffic coming from http 8090 to https 8443 in the webserver config, will they still get handshake error?

When you create a redirect, the server sends an HTTP 302 which the client is obligated to follow, which means that they should still get the error. Depending on your setup and config, they may be able to send the request anyway, but if that works, then all your traffic is potentially insecure...

Django Socketio Nginx proxy & session cookie issue

I have followed this tutorial: http://www.stephendiehl.com/?p=309 describing how to run a gevent pywsgi server serving Django with socketio behind a nginx front-end.
As this tutorial says, Nginx doesn't support websocket unless using a tcp proxy module. This proxy module doesn't support the use of the same port for socketio and classic serving; from what I understood, the configuration looks like this:
nginx listen on port 80
nginx tcp proxy listen on port 7000
Everything is forwarded to port 8000
Problem: the resulting socketio request doesn't include the django cookie containing the session id so I have no information on the requesting user in my django view.
I guess it's caused by the fact that the request is made to another port (7000), causing the browser to identify the request as cross-domain?
What would be the cleanest way to include the django cookie in the request?

Most answers in this question seem to indicate that port doesn't matter.
Also checked and supposedly WebSockets is regarded as HTTP, so HTTPOnly cookies should still be sent.
SocketIO seems to be using a custom Session manager to track users. Maybe try and link that up?