After upgrading to Django 2 from Django 1.7.4, I face the following issue. In django admin save() method is called twice for any model in the project. When it comes to add new, it add the same entry twice, if edit it also saves twice, as a result admin result notification gives the same notice twice.If you click delete button, it first deletes and then gives notification that the entry does not exist, because it also calls delete function twice.
So far checked:
settings file is loaded only once
rewrote post_save
But no avail.
Settings
#SSL settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
INSTALLED_APPS = (
'dal',
'dal_select2',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.sites',
'django.contrib.flatpages',
'django.contrib.sitemaps',
'django.contrib.admin',
'compressor',
'mptt',
'django_mptt_admin',
-----
'myappA',
'myAppB',
)
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.BrokenLinkEmailsMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'myappA.middleware.AutoLogout',
]
Finally I have found the solution. The issue was in my middleware which was rewritten to Django 2, and request was called twice.
Related
I am working on a django project. After I successfully did the registration and login form, I have logged into the admin panel and shortly after that somehow I got this error:
settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'crispy_forms',
'django_filters',
'startup',
'vereinsapp',
'users',
#'users.apps.UsersConfig',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.Cs‚rfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
WSGI_APPLICATION = 'startup.wsgi.application'
LOGIN_REDIRECT_URL = '/'
Anyone know what I could try to fix it? I also tried deleting the apps.py file of 'users'. That is the structure of my project:
In the middleware replace this line
'django.middleware.csrf.Cs‚rfViewMiddleware'
with below line
'django.middleware.csrf.CsrfViewMiddleware',
I'm trying to use my DRF API in my React Web App with Axios but I'm getting CORS policy blocked.
I've checked the headers using POSTMAN and seems like django-cors-header is not actually embedding the Access-Control-Allow-Origin: *
This is my settings.py from Django:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'trvl',
'rest_framework',
'coreapi',
'django_filters',
'corsheaders',
]
MIDDLEWARE = [
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
]
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = False
And this is what I get from POSTMAN
How can I fix this so every response has the Access-Control-Allow-Origin : *
I had the exact same scenario as you. Same frontend and backend.
I was able to resolve my issue by adding this to my settings.py in addition to everything you listed.
CORS_REPLACE_HTTPS_REFERER = True
In settings.py
set ALLOWED_HOSTS = [] to ALLOWED_HOSTS = ["*"]
I am a newbie to django/django-rest-framework. I am experimenting with React for the frontend and Django-rest-framework for the backend. The client and server are on different domains. I was able to make a GET request, for POST request I also manage to do it but only with the csrf_exempt decorator, which is not ideally. The django documentation recommended me to use CSRF_TRUSTED_ORIGINS to avoid csrf verification but that also doesn't work for me. Here's my settings.py
INSTALLED_APPS = [
'api.apps.ApiConfig',
'rest_framework',
'corsheaders',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
]
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
CORS_ORIGIN_WHITELIST = (
'localhost:3000',
)
CSRF_TRUSTED_ORIGINS = [
'localhost:3000'
]
Should I start implementing jwt-authentication to avoid this situation ? What is the best approach to this problem?
In accordance with the django-pipeline docs, I've added 'pipeline.middleware.MinifyHTMLMiddleware', to my MIDDLEWARE_CLASSES to minify html files. But, when I check the htmls that have been rendered while running the server, they are not minified. Can some one please suggest if I am missing anything.
Below are my MIDDLEWARE_CLASSES. I even tried with GZipMiddleware class enabled, but it still does'nt work. I have also tried with both DEBUG = False & DEBUG = True in settings.py with no success.
MIDDLEWARE_CLASSES = (
#'django.middleware.gzip.GZipMiddleware',
'pipeline.middleware.MinifyHTMLMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'Testapp.signin.views.SocialAuthExceptionMiddleware',
)
EDIT: Added Installed Apps and Static files storage settings.
INSTALLED_APPS = (
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
#'django.contrib.admin',
'social.apps.django_app.default',
# 'django.contrib.admindocs',
'Testapp',
'signin',
'pipeline',
)
STATICFILES_STORAGE = 'pipeline.storage.PipelineCachedStorage'
To work pipeline MinifyHTMLMiddleware change DEBUG = False in settings.py
DEBUG = false
Or add in settings.py
PIPELINE_ENABLED = True
i've had the same issue, but I've found the solution. You have to add this Middleware class first:
'htmlmin.middleware.MarkRequestMiddleware',
When you do that it adds to request an attribute
request._hit_htmlmin = True
which is checked then in MinifyHTMLMiddleware class. Now it's working great.
I have a custom user model with my own authentication in place. But despite this I am unable to login to Django admin. The page appears but it does not accept my credentials (which are correct). I have included django.contrib.auth.backends.ModelBackend along with my custom authentication backend in AUTHENTICATION_BACKENDS. The is_staff and is_admin are both set when I check in the shell.
Am I missing something obvious?
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend',
'final.backends.CustomBackend',)
AUTH_USER_MODEL = 'final.MyUser'
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
# Uncomment the next line for simple clickjacking protection:
# 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
INSTALLED_APPS = (
'rest_framework.authtoken',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
'final',
'rest_framework',
)
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'final.authentication.ExpiringTokenAuthentication',
)
}
Ignore the poor indentations please. They got lost in a copy-paste massacre.