Django Rest Framework browsable API breaks when changing the port - django

I'm currently developing my first app with DRF and I'm pretty impressed by it and the browsable API it has build in. However, when I change the port where I host my application (both in manage.py aswell as in the runserver command), all the buttons stop working. I can still click on links to make sure resources where created, but that's about it. I also can't log in and the POST forms don't appear, which is really the most annoying part. Moreover, when I change the port back to the default 8000, it's still broken.
Don't really know if I can post an example of this. It doesn't seem to depend on anything in the actual code. It just happens when I change the port.

So while I don't know what exactly caused it, a CTRL-reload has fixed it for now. Still pops up from time to time.

Related

Flask-Login disconnects me from the database ... then from my backoffice

I have a problem with (I think) Flask Login.
The project is a keyword tracking on Google.
I have a page, which lists all the keywords in a chart (ChartJs).
It's a loop. For each keyword, I generate a chart that retrieves all the positions in the database.
Before, I did not use Flask Login. I was blocking ips via htaccess.
Everything worked fine. The (approximately) 80 keyword graphs loaded without problems.
But since I use Flask Login, only 3 graphics load.
When I want to reload the pager OR go to another page of the site, I get disconnected.
With this information, can you see what the problem is?
What script from the project should I share to make it clearer?
thanks

I can't sign into the Django admin login page

I have started multiple Django projects with like four different tutorials. Every single time I try "python manage.py createsuperuser", the admin login page just loads and loads and never goes anywhere. I want to make it absolutely clear that I haven't touched a thing in the code and everything is default code. I migrated everything before login. I've tried deleting the database and re-migrating. None of that works. Can someone help me? I have made around 10-15 accounts and NONE of them work. The page just keeps loading indefinitely and never goes anywhere. I've looked at EVERY stackoverflow post and no answers work. I started a virtualenv, downloaded Django, didn't touch the code, made migrations, I followed every tutorial TOO THE LETTER(!!!) and this is what I keep getting. The current tutorial hasn't changed in default code and he signed in with no problems. I'm assuming if he did, I can...I don't think putting code in is necessary since it's all virgin code, never touched. I didn't even make any apps yet.
I've tried deleting database and re-migrating
changing the password of current superuser
deleting the entire project and following everything the instructor said (TO THE LETTER!!!)
I have made 10-15 superuser accounts and none work
This sounds similar to a problem I was seeing. I wrote a question for it here (no answers yet): Django local dev server hangs with chrome after form submission. Works in firefox
Are you using windows and the chrome browser? Try using firefox to access the admin page and login. That worked for me. I'm still trying to figure out why Chome doesn't work, though. Like you, I created a brand new project from scratch; sometimes Chrome works and most of the time it doesn't. I've also found that hitting the stop button while the browser is sitting there thinking, then refresh, makes the logged in admin page show up.

Django Install Not Visible - No Errors

I recently did a successful Django install, and everything went as expected. No errors. But, nothing shows up. It is as if I had never installed Django.
There are no errors. Checking Django/Python versions returns as expected. From the console, I can create new projects/apps, run migrations, create users, etc. Everything seems to work. Except, when I go to mydomain.com, it just loads the old site's index.html as if Django doesn't exist.
I realize the above question isn't a good question. I figured out my problem before posting the question and decided to post my answer below with the question for future reference should others have the same issue later.
After the fruitless task of deleting and recreating my project files, I eventually figured out what happened with my Django installation. I had never enabled Passenger. On the web host in this case, DreamHost, it is just a simple checkbox in the control panel to enable, but I never did.
Other than the fact that I should have remembered I need to do enable Passenger for Django to show up, a couple things should have tipped me off. There was no tmp folder with a restart.txt file. I manually added it (that file's important), but didn't stop to think about why it wasn't there. Also, the html files were loading without being in the public folder.
That gave me an hour or so of frustration today, so I thought others might google this later and find this useful. Searching for "Django site has no errors but still doesn't work" wasn't a fruitful avenue for me.

Is someone trying to hack my Django website

I have a website that I built using Django. Using the settings.py file, I send myself error messages that are generated from the site, partly so that I can see if I made any errors.
From time to time I get rather strange errors, and they seem to mostly be around about the same area of the site (where I wrote a little tutorial trying to explain how I set up a Django Blog Engine).
The errors I'm getting all appear like something I could have done in a typo.
For example, these two errors are very close together. I never had an 'x' or 'post' as a variable on those pages.
'/blog_engine/page/step-10-sub-templates/{{+x.get_absolute_url+}}/'
'/blog_engine/page/step-10-sub-templates/{{+post.get_absolute_url+}}/'
The user agent is:
'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Purebot/1.1; +http://www.puritysearch.net/)',
Which I take it is a scraper bot, but I can't figure out what they would be able to get with this kind of attack.
At the risk of sounding stupid, what should I do? Is it a hack attempt or are they simply trying to copy my site?
Edit: I'll follow the advice already given, but I'm really curios as to why someone would run a script like this. Are they just trying to copy. It isn't hitting admin pages or even any of the forms. It would seem like harmless (aside from potential plagiarism) attempts to dig in and find content?
From your USER_AGENT info it looks like this is a web spider from puritysearch.net.
I suggest you do is put a CAPTCHA code in you website. Program it to trigger when something tries to access 10 pages in 10 seconds (mostly no humans would do this or figure out a proper criteria to trigger your CAPTCHA).
Also, maintain robots.txt file which most crawlers honor. Mention your rules in robots.txt. You can say the crawlers to keep off certain busy sections of your site etc.
If the problem persists, you might want to contact that particular site's system admin & try to figure out what's going on.
This way you will not be completely blocking crawlers (which are needed for your website to become popular) and at the same time you are making sure that your users get fast experience on your site.
Project HoneyPot has this bot listed as a malicious one http://www.projecthoneypot.org/ip_174.133.177.66 (check the comments there) and what you should probably do is ban that IP and/or Agent.

Logging Django Errors instead of returning them to inspect API callback

I'm working on a project that gets callbacks from some other sites' API. I expect my code to have a few errors, because I'm new to Python & Django. My site in development is using mod_wsgi and Apache with Debug = True ;)
The API I get the calls from adds a parameter to the querystring to my callback that is built using their own private key. So I have no way of accurately simulating that. If my code fails once I activate my probably faulty key validation code, I have no way of knowing except for apache server logs (which don't show the actual stacktrace or anything).
How can I log a more detailed python exception, like the one I usually see in my browser every 2 minutes ;) to a file? Especially the local variables around the faulty line are interesting obviously :)
Thanks! :)
If you set ADMINS in your settings.py (and set DEBUG=False) you will be emailed all 500 server errors (just like the DEBUG error page).
However, if you want your app to continue without responding with a 500, you can import logging and write your own debug log. There's a good tutorial here:
http://simonwillison.net/2008/May/22/debugging/