I'm working on my project with Django REST framework; everything works except when I try to update a table, when the CSRF always appears.
How can I set the CSRF cookie?
Thanks
I experienced this earlier today while switching development projects and added to an existing thread here: Django CSRF Cookie Not Set
After checking the order of installed apps and middleware against the startproject template, clearing my browser cache resolved the issue.
Related
I've recently switched server/database and am having trouble getting the google and facebook social apps to log in. I have the keys set up correctly and when hitting both facebook and google it successfully creates a django user and a social account, but it does not log the user in. Notably, it sends the user to LOGIN_REDIRECT_URL correctly.
When attempting to sign in with an existing user after it has already been created, it also does not log in, but also sends to LOGIN_REDIRECT_URL correctly.
I can't figure out why it is behaving this way in the new environment, and am struggling on finding where to look. My best guess is that somewhere the pre_social_login signal or the social_account_added signal? Any ideas?
EDIT:
Also worth noting, I switched from python 3.4 to python 2.7, but django remained 1.6.5
Turned out I was missing the allauth.account.auth_backends.AuthenticationBackend in the settings AUTHENTICATION_BACKENDS when I did the migrate.
I'm having a problem where Django's login is working okay on Chrome but not on Firefox: when trying to login to a restricted portion of the site on Firefox, it simply loops back again and again to the login page; furthermore, no error message appears on the log regarding that.
Interestingly, the error doesn't happen when the server is on the local machine.
Does someone have a general idea of what could be causing that strange behavior?
I'm using Django 1.6 on Python 2.7
This isn't much of an answer, but a link to other similar problems. Because I don't have rep, all I can do is leave an answer.
An issue like this was encountered in 2012 but was never conclusively answered:
Django session doesn't work in Firefox
A similar question where the user could log in via local server but not remote Firefox was encountered:
Unable log in to the django admin page with a valid username and password
The second was very well documented and had an accepted answer that was well liked.
Recommendations:
If you are not using https, make sure you have this setting: SESSION_COOKIE_SECURE = False.
If you are using a database backend, check if the session is actually being created in the django_sessions table.
If you are using a cached backend, check that SESSION_ENGINE is django.contrib.sessions.backends.cache and that CACHE_BACKEND is properly configured.
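The first recommendation above, as an added example (not part of the original answer and not Django's own code): a stdlib-only model of why a session cookie marked Secure never comes back over plain http, so every request to a restricted page looks anonymous and is sent back to the login page. The function names and the session key are constructed for illustration.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE_NAME = "sessionid"  # Django's default session cookie name


def build_set_cookie(session_key, secure):
    """Render the Set-Cookie value a server would send after a successful login."""
    jar = SimpleCookie()
    jar[SESSION_COOKIE_NAME] = session_key
    jar[SESSION_COOKIE_NAME]["path"] = "/"
    jar[SESSION_COOKIE_NAME]["httponly"] = True
    if secure:  # the attribute that SESSION_COOKIE_SECURE = True adds
        jar[SESSION_COOKIE_NAME]["secure"] = True
    return jar[SESSION_COOKIE_NAME].OutputString()


def browser_sends_back(set_cookie, scheme):
    """Browser rule: a cookie carrying the Secure attribute is only sent over https."""
    attrs = {part.strip().split("=", 1)[0].lower() for part in set_cookie.split(";")[1:]}
    return "secure" not in attrs or scheme == "https"


def login_roundtrip(secure, scheme):
    """Log in, then request a restricted page over `scheme`; report what the server sees."""
    header = build_set_cookie("constructed-session-key", secure)
    if browser_sends_back(header, scheme):
        return "authenticated"
    return "redirect-to-login"  # no session cookie arrived, so the user looks anonymous


def audit(settings, scheme):
    """Flag the mismatch from the recommendation: Secure cookies on a non-https site."""
    findings = []
    if settings.get("SESSION_COOKIE_SECURE") and scheme != "https":
        findings.append("SESSION_COOKIE_SECURE=True but site is served over http")
    return findings


if __name__ == "__main__":
    for secure, scheme in [(True, "http"), (True, "https"), (False, "http")]:
        print(secure, scheme, login_roundtrip(secure, scheme))
```

The mismatch can be resolved from either side: the setting can be turned off for a plain-http development site, or the site can be served over https with the Secure attribute kept.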
My django_session table was growing very large and it seems to be due to a pingdom bot that I set-up hitting my login page. I tried creating a brand new django 1.4 app and the behaviour is replicated on any page that uses the django.contrib.auth.views.login page, including the default admin login page.
This surely can't be the desired behaviour. Is it a bug? Is there a fix?
(I have redirected the pingdom bot to another page that doesn't cause a new session to be created but I'd like to solve the django issue itself too).
I have seen the question here Huge Django Session table, normal behaviour or bug? and it doesn't seem to be the same issue
After a little bit of searching I found that this is done by the login view (line 55) in the set_test_cookie() method.
In the latest version of Django (git main) it has been removed however: https://github.com/django/django/commit/9d2c0a0ae6ce931699daa87735d5b8b2afaa20f9#django/contrib/auth/views.py
For the time being I would simply recommend you to use a modified version of the login page which doesn't use the set_test_cookie() method.
I know there is in the development version of Django, but I don't see this in Django 1.0. I took a look at the code and such an exception is definitely not built in. I need to have this ability as I can't add the csrf middleware token to a third party flash app I am using which needs to make a POST request back to django. :(
Anyone have any ideas?
The answer to this problem is simply to recreate the token using the middleware, add it into the view, and then make it accessible in the template for JavaScript/Flash.
How can I find out who is responsible for Django's CSRF middleware so I could ask them questions?
I'm having so many CSRF failures for months on my Django site and it is costing me hours and hours of problems every few weeks. I want to contact the developers who worked on it to ask them one or two root questions about the problems I'm having.
I put up several other posts about the problems that never get satisfactory answers, but that do result in a few workarounds:
Django CSRF framework cannot be disabled and is breaking my site
Django CSRF Framework having many failures
Tons of false positives from Django's CSRF middleware?
For Django's CSRF failure middleware, how can you get the CSRF errors to report what URL is failing?
Some other people are having the same types of frustrations:
Completely disable Django's CSRF protection in SVN Trunk
CSRF protection is being re-worked for Django 1.2. See the community wiki page CsrfProtection that discusses the current limitations and proposals for re-working. Personally I'm thinking about moving ahead and using Simon Willison's django-safeform project as a temporary solution until 1.2 is released.
I've said this before, but you should not be using trunk for production projects. Use the stable release, and you won't have any problems.