We Keep Coding

Django cannot embed a Youtube url in a frame

I am trying to embed a youtube URL into a frame in a Django template. Each time I receive the same message in the console:
Refused to display 'https://www.youtube.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I have tried inserting two decorators before the view:
#frame_deny_exempt
#xframe_options_exempt
No effect. In a final test I inserted this statement into settings.py just to see if it would turn off the xframe check:
X_FRAME_OPTIONS = 'ALLOWALL'
The same error appears.
I also tried removing the XFrameOptions middleware, no change.
This is in a local testing environment so I am using the Django web server, my production server (which I have not tried moving this to for obvious reasons) is an Azure instance running NGINX

Are you using an embeddable URL?
https://support.google.com/youtube/answer/171780
It is YouTube that is providing the X-Frame-Options header that the browser is complaining about, which implies you are trying to embed the normal URL to the video.

AWS, Django, Apache, ALLOWED_HOSTS not working 400 Bad Request

I have two Django applications working on the AWS Lightsail. First one is working great with www.firstapp.com and firstapp.com, but when I try to visit the second app without www in URL, it returns 400 Bad Request. In both apps, DEBUG set to False, and I have necessary hosts in settings.py like this:
ALLOWED_HOSTS = [
'.secondapp.com'
]
I have tried with '*' and also tried to write down all possible hosts in ALLOWED_HOSTS but it didn't work. I am able to see website with www.secondapp.com but secondapp.com always return Bad Request (400)
After any update in settings.py, I always restart Apache (tried to reload also) nothing changes, still getting 400 Bad Request. Any ideas? Maybe I should set up AWS in some way, this is my first experience with Django

For anyone who will face this kind of issues, check your VirtualHost configurations. In my VirtualHost configurations I had ServerName as www.secondapp.com when I add ServerAlias secondapp.com it works. Now I am able to see my app with www.secondapp.com and secondapp.com.
P.S.: However I don't have ServerAlias for first application but it still working as www.firstapp.com and firstapp.com, not sure why this casing an issue for the second one.

Django error when entering from multiple domains

I'm by setting two domains that point to the same IP of Django, but I can just logging in to one, on the other just will not let me, from the admin or web always redirects me to the logging box, tried everything but nothing.
In test environment I have django running on runserer and the / etc / hosts as follows:
# This if it works
127.0.0.1 talleres.host1.com
# This one does not work
127.0.0.1 talleres.host2.com
I think the problem is with django but not to start looking, anyone know about this?

Make sure your ALLOWED_HOSTS looks like this:
ALLOWED_HOSTS = ['.host1.com',
'.host2.com',]

Hosting a django project behind proxypass

I have hosted to django admin project on a local machine X.
http://10.4.x.y/myapp/admin works.
I have an external IP on another machine Y and i am doing a proxy pass
from the Y to X.
http://proxypassname.com/myapp/admin works.
But, When i click the link "Save" or "Save continue editing" button after editing in admin page, it redirects to local machine ip (i.e. http://10.4.x.y/myapp/blah_blah_blah).
How to make sure that the django project redirects to proxypass name instead of local IP?

This is happening because the admin redirects to IP it thinks it has. It gets in in the HTTP request's header.
However, the fix is very easy. Assuming you proxy server implements the X-Forwarded-For standard, it could be easily fixed.
in your settings.py, simply set:
USE_X_FORWARDED_HOST = True
and restart your Django.
If that doesn't work, you can try to see if your proxy sets a different kind of header, and write a middleware that does the same thing. It's the first example on Django's documentation chapter on middleware

I did these two things and it worked.
Whenever you add a ProxyPass, you should add ProxyPassReverse
SITE_ID should be set to the domain where you want to point this django project.

Django SESSION_COOKIE_DOMAIN on localhost

When I set SESSION_COOKIE_DOMAIN = '.mysite.com' and then run the production site, the site creates the proper cross domain cookie and it's set to .mysite.com. However, if I set SESSION_COOKIE_DOMAIN = '.localhost' and run the local development server at localhost:8000 the cookie that is created is the non-cross domain cookie localhost.
Why might this be the case?
Thanks.

This has to do with how browsers and cookies work. Because you're not allowed to set cookies to something like .com, you can't set it as .localhost either.
You can check out more here: https://code.djangoproject.com/ticket/10560. Looks like there's no real solution within Django for this. I do wish they would warn us though rather than just break.
I don't have a good solution though. For testing you could set your hosts file to use something like test.com instead of localhost to point to your runserver.

for dev server, you can just use
SESSION_COOKIE_SECURE= False #default use just to override your prod setting
SESSION_COOKIE_DOMAIN= None #default use just to override your prod setting
or you can resolve domain name with the host's file
SESSION_COOKIE_DOMAIN= '.localhost'
Or something like this
SESSION_COOKIE_SECURE= False
SESSION_COOKIE_DOMAIN= "127.0.0.1"

You can't set SESSION_COOKIE_DOMAIN = '.localhost' because of browsers security features. (cf Django issue 10560)
However if you have foo.localhost:8000 and bar.localhost:8000 you can
switch to foo.dev.localhost:8000 and bar.dev.localhost:8000 and set
SESSION_COOKIE_DOMAIN = '.dev.localhost'
SESSION_COOKIE_NAME = "youcustomcookiename"