How can I get a detailed log of django csrf failure? - django

I am troubleshooting a Django app.
Recently the app seems to randomly generate CSRF verification errors:
CSRF verification failed. Request aborted.
(Resulting in a 403)
Where can I find detailed information on the cause of the verification failure?

The error you're seeing is on the client side - which won't by default know what's going wrong on your server unless you have set DEBUG = True (which you don't want to do in production).
If it was replicable on your staging server it would be easy to fix, since you could replicate the error with DEBUG = True on staging and quickly see where the verification fails in Django's csrf.py.
What you're looking for is the output of which of these errors is occurring on your server.
If you implement logging in Django you'll be able to investigate and determine which of these errors was triggered on your production site. A service like Sentry makes this even simpler since it will send you the traceback anytime an error happens.
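One way to set up the logging suggested in the answer above, as an added example that is not part of the original post: a settings fragment that routes Django's `django.security.csrf` logger to a handler, plus a replacement `CSRF_FAILURE_VIEW` that records the request details that usually explain an intermittent failure. The `csrf_debug` logger name, the `myapp.views` module path and the `csrf_context` helper are assumptions for illustration.

```python
import logging

# settings.py: route Django's own CSRF rejections (logger "django.security.csrf",
# WARNING level) and the extra context logged below to a handler you collect.
LOGGING = {
    "version": 1,
    "disable_existing_loggers": False,
    "handlers": {"console": {"class": "logging.StreamHandler"}},
    "loggers": {
        "django.security.csrf": {"handlers": ["console"], "level": "WARNING"},
        "csrf_debug": {"handlers": ["console"], "level": "WARNING"},
    },
}
# CSRF_FAILURE_VIEW = "myapp.views.csrf_failure"  # assumed module path

logger = logging.getLogger("csrf_debug")  # hypothetical logger name


def csrf_context(meta, cookies, reason):
    """Collect the request details that usually explain a CSRF rejection.

    Only presence flags are recorded for the token and cookie, never their values.
    """
    return {
        "reason": reason,
        "host": meta.get("HTTP_HOST"),
        "origin": meta.get("HTTP_ORIGIN"),
        "referer": meta.get("HTTP_REFERER"),
        "forwarded_proto": meta.get("HTTP_X_FORWARDED_PROTO"),
        "has_csrf_cookie": "csrftoken" in cookies,      # default CSRF_COOKIE_NAME
        "has_csrf_header": "HTTP_X_CSRFTOKEN" in meta,  # default CSRF_HEADER_NAME
        "user_agent": meta.get("HTTP_USER_AGENT"),
    }


def csrf_failure(request, reason=""):
    """CSRF_FAILURE_VIEW replacement: log the context, then return the stock 403."""
    from django.views.csrf import csrf_failure as default_view  # requires Django

    logger.warning("CSRF rejected %s %s: %s", request.method, request.path,
                   csrf_context(request.META, request.COOKIES, reason))
    return default_view(request, reason=reason)
```

The `reason` string Django passes to the view is the same one shown on the debug page, so the log line identifies which check in `csrf.py` failed without enabling `DEBUG` in production.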

Related

Intermittent server error when submitting forms using Django

I am getting the following 500 server error when I deploy my Django web application to google app engine:
Error server error the server encountered an error and could not complete your request please try again in 30 seconds
Simply refreshing the page solves this issue and renders the page. However, this isn't ideal and I want the page to load correctly the first time tried. This error does not occur on my localhost, it only occurs on the deployed site and typically during form submissions and rendering detail pages.
I've researched the HTTP status codes in Django extensively from their documentation. It does not matter if the app is set in DEBUG mode or not. The same error appears. This is happening for both GET and POST requests. I have also tried to use a try-except block to retry the request multiple times before accepting failure.
My configuration:
Django: 3.2.9
Browser: Chrome 98.0.4758.80
Simply needed to upgrade my google app engine tier to a more professional level. Nothing was wrong, I just outgrew my tier and it just needed more computing power.

Djstripe - Stripe webhook 404 error: how to resolve?

For my Django project, I am using djstripe. Using test data, I have confirmed that payments are successful. However, when testing a webhook, I get errors of 404 and then it sometimes changes to 503 (for the same webhook). I am using Heroku free tier so I am not sure if that is the problem, or if I am configuring the webhooks entirely wrong (likely since this is my first project). Any help is appreciated.
Stripe endpoint I have as [heroku domain]/users/accounts/webhook/ and my project urls is path('users/accounts/', include('allauth.urls')),
404 means that the URL you've provided to Stripe for your webhook is not found on/by your server; this is something you'll need to investigate on your end.
If you share more code - like specifically the code containing your route for the webhook - that might be useful for helping you diagnose the issue here.
I have found some solutions.
1- Copy the HTML tags from the response and convert them to an HTML page. You will be able to see the error raised by your platform which is failing the webhook.
2- Debug each line of the webhook view/code.

django error reporting request url - how to use this locally?

I have a Django project which uses the normal email to admins on an unhandled exception when debug is set to False, i.e. in production.
I normally just review the error message and the stack trace. However, I clicked on the request URL link, which managed to recreate the error on the production site (which then fired off another email).
What is this request url? Does it recreate the full http request (including the session etc..) which resulted in the original error?
Can I get the link to point to a local version of the site? (After fixing a previous error, clicking on the earlier request URL has managed to create a recent error that we have been unable to reproduce, so it would be good to recreate this locally so it can be debugged.)

GAE Error | Server Encountered an Error and couldn't complete your request. Please try again after 30 seconds

We have an app running on Google App Engine with the Python 2.7 runtime which can be accessed using Google Login, implemented using the users API endpoint.
We are getting an error "Server Encountered an Error and couldn't complete your request. Please try again after 30 seconds" whenever a user tries to open the web app. The error is thrown on the App Engine side, since the 500 error happens on the line where this call is made: 'GET https://appengine.google.com/_ah/conflogin'.
This happens for both mobile(majorly) and web. It shows the same error when we try after the specified time.
However, when we clear the browser cookies, cache, history, etc., it starts working. Not sure why. But we cannot ask users to clear all such stuff all the time, as they might lose the information that they browsed.
We tried various cases for login(multiple login, single login, incognito mode) but couldn't figure the root cause of the problem.
Has anyone faced such issues before? If yes, please share how you solved it.

Django: security middleware is crashing the site

On production, I've been trying to add the djangosecure.middleware.SecurityMiddleware (from http://pypi.python.org/pypi/django-secure) to my settings, but haven't had any luck making it work.
When I run:
./manage.py checksecure
Everything passes perfectly fine. But I'm unable to load the site up. It gives me the following error:
The webpage has resulted in too many redirects. Clearing your cookies for this site or
allowing third-party cookies may fix the problem. If not, it is possibly a server
configuration issue and not a problem with your computer.
Locally, when I use the production settings I receive a page error with:
Unable to make a secure connection to the server. This may be a problem with the server,
or it may be requiring a client authentication certificate that you don't have.
My terminal then gets filled with strange errors that I can't decipher:
[12/Jan/2013 14:15:25] code 400, message Bad HTTP/0.9 request type
('\x16\x03\x01\x00\x98\x01\x00\x00\x94\x03\x02P\xf1\xc4]\x97e\xdd\xdc\xa9\xeb\x0e\xfc\xbb\xfa3 ')
[12/Jan/2013 14:15:25] "??P??]?e?ܩ????3 Ʀ?-?:?.E:?o?FH?" 400 -
[12/Jan/2013 14:15:25] code 400, message Bad request syntax ('\x16\x03\x01\x00\x98\x01\x00\x00\x94\x03\x02P\xf1\xc4]M\xeeA50\xfc\x15%\xc1\xa4\x02\xec\xf0\x1fO')
[12/Jan/2013 14:15:25] "??P??]M?A50?%????O" 400 -
[12/Jan/2013 14:15:25] code 400, message Bad request syntax ('\x16\x03\x01\x00\x98\x01\x00\x00\x94\x03\x01P\xf1\xc4]\x8eg\xbey\x155\xafiP5\x85r\xb4|\x8c\x
Any advice?
Infinite-redirects means you have set SECURE_SSL_REDIRECT to True, but in production your site runs behind an SSL-stripping proxy server, so Django can't tell that the request is already in fact SSL, so it continually tries to redirect to SSL. As noted in the linked docs, you need to figure out what header your proxy sets to indicate an externally-SSL request, and set the SECURE_PROXY_SSL_HEADER setting accordingly.
Using the production settings locally will not work because Django's development server does not support SSL. The strange terminal output is your browser trying to make an SSL handshake with a server that doesn't understand SSL.
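The redirect loop described in the answer above, as an added example that is not part of the original post: a simplified model of how Django decides whether a request is secure, run with `SECURE_PROXY_SSL_HEADER` unset and set. The header name `X-Forwarded-Proto` is an assumption; use whichever header your proxy actually sets.

```python
# Simplified model of SECURE_SSL_REDIRECT = True behind a TLS-terminating proxy.
# Assumption: the proxy forwards plain HTTP to Django and sets X-Forwarded-Proto.

BROKEN = None                                # SECURE_PROXY_SSL_HEADER not set
FIXED = ("HTTP_X_FORWARDED_PROTO", "https")  # value to put in settings.py


def is_secure(meta, wsgi_scheme, proxy_ssl_header=None):
    """Mirror (simplified) of how Django derives request.is_secure()."""
    if proxy_ssl_header:
        header, secure_value = proxy_ssl_header
        value = meta.get(header)
        if value is not None:
            # When configured, the proxy header overrides the socket scheme.
            return value == secure_value
    return wsgi_scheme == "https"


def redirects_until_ok(start_scheme, proxy_ssl_header, max_hops=5):
    """Follow the browser's requests; return the redirect count, or None on a loop."""
    scheme = start_scheme
    for hop in range(max_hops):
        # The proxy terminates TLS and records the scheme the browser used.
        meta = {"HTTP_X_FORWARDED_PROTO": scheme}
        # Django itself always sees plain HTTP on the proxy-to-app connection.
        if is_secure(meta, "http", proxy_ssl_header):
            return hop          # page is served
        scheme = "https"        # SecurityMiddleware redirects to https://
    return None                 # browser gives up: "too many redirects"


if __name__ == "__main__":
    print("header unset:", redirects_until_ok("http", BROKEN))
    print("header set:  ", redirects_until_ok("http", FIXED))
```

Set the header only when the proxy strips or overwrites any client-supplied copy of it; otherwise a client can send the header itself and plain-HTTP requests will be treated as secure.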