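I am developing a web application using AWS and Django Rest Framework. (Django: v1.8, DRF: v3)
I keep getting django.request: Forbidden (Referer checking failed - no Referer.) for POST multipart form requests.
I am using AWS ELB (Elastic Load Balancer), Nginx (on my EC2 instances, in an Auto Scaling group) and Gunicorn.
The AWS ELB listener settings are as follows (HTTPS only):
[Image: ELB HTTPS-only listener setting]
The Nginx settings are as follows: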
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/conf.d/*.conf;
    index index.html index.htm;
    upstream my_server {
        server localhost:8000;
    }
    server {
        listen 80;
        server_name <server name>;
        access_log /etc/nginx/log/local-wc.access.log;
        error_log /etc/nginx/log/local-wc.error.log;
        root /usr/share/nginx/html;
        location /api/v1 {
            proxy_pass http://my_server/api/v1;
            proxy_redirect off;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Protocol $scheme;
        }
    }
}
In other words, <server name> => xxxx-123456789.us-west-2.elb.amazonaws.com (record).
Every API call is made via https://<server name>/api/v1/*
Finally, Gunicorn is run with:
gunicorn my_django_app.wsgi:application -w 1 -b 127.0.0.1:8000 -t 300 --max-requests=100
And the Django settings are:
ALLOWED_HOSTS = ['*']
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
MIDDLEWARE_CLASSES = (
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.security.SecurityMiddleware',
)
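The view is as follows (with CSRF exemption):
from rest_framework import mixins, viewsets
from rest_framework.parsers import FormParser, MultiPartParser
# CsrfExemptMixin: its import is not shown in the post

class UserViewSet(CsrfExemptMixin, mixins.CreateModelMixin,
                  mixins.ListModelMixin,
                  mixins.RetrieveModelMixin,
                  mixins.UpdateModelMixin,
                  viewsets.GenericViewSet):
    # already tried @csrf_exempt
    def create(self, request, *args, **kwargs):
        self.parser_classes = (FormParser, MultiPartParser, )
        .........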
The problem again:
When I send
curl -i -k -X POST -H "Accept: application/json" \
-F "[email protected]" \
-F "[email protected]" \
https://<server name>/api/v1/users/
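I get this in my Django log:
[WARNING] django.request: Forbidden (Referer checking failed - no Referer.): /api/v1/users/
It works for POST over HTTP or for the GET method over HTTPS.
I wonder whether the ELB configuration is wrong or the Nginx configuration is wrong with regard to the Referer...
I would appreciate it if anyone could help me solve this problem.
Solution:
I think DRF ignores the csrf_exempt decorator, and I'm not sure where CsrfExemptMixin is defined. The simplest thing you can do is add Referrer: yourhost to the curl headers.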
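An added example, not part of the original question or answer and not Django's own code: a simplified Python model of the Referer stage of the Django 1.8 CSRF check, showing why only the POST over HTTPS is rejected while POST over HTTP and GET over HTTPS pass. The function names, the host api.example.test and the WSGI environs are constructed; it assumes the ELB sets X-Forwarded-Proto and nginx passes that header through unchanged, which is what makes SECURE_PROXY_SSL_HEADER mark the request as secure.

```python
# Simplified model of the Referer stage of Django 1.8's CSRF middleware.
# Added illustration, not Django's code; function names are hypothetical and
# the token comparison that follows this stage in Django is left out.
from urllib.parse import urlsplit

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")  # from the question


def is_secure(meta):
    """HTTPS if the configured proxy header matches, else the WSGI scheme."""
    header, value = SECURE_PROXY_SSL_HEADER
    return meta.get(header) == value or meta.get("wsgi.url_scheme") == "https"


def referer_stage(method, meta):
    """Return None when the Referer stage passes, else the rejection reason."""
    if method in SAFE_METHODS or not is_secure(meta):
        return None  # strict Referer check applies only to unsafe HTTPS requests
    referer = meta.get("HTTP_REFERER")
    if referer is None:
        return "Referer checking failed - no Referer."
    good = urlsplit("https://%s/" % meta["HTTP_HOST"])
    seen = urlsplit(referer)
    if (seen.scheme, seen.netloc) != (good.scheme, good.netloc):
        return "Referer does not match https://%s/" % meta["HTTP_HOST"]
    return None


def meta_behind_elb(client_scheme, **extra):
    """Constructed WSGI environ. Assumption: the ELB sets X-Forwarded-Proto,
    nginx passes it through and speaks plain HTTP to Gunicorn."""
    meta = {"wsgi.url_scheme": "http", "HTTP_HOST": "api.example.test",
            "HTTP_X_FORWARDED_PROTO": client_scheme}
    meta.update(extra)
    return meta


if __name__ == "__main__":
    cases = [
        ("POST", meta_behind_elb("https")),
        ("POST", meta_behind_elb("http")),
        ("GET", meta_behind_elb("https")),
        ("POST", meta_behind_elb("https", HTTP_REFERER="https://api.example.test/")),
    ]
    for method, meta in cases:
        outcome = referer_stage(method, meta) or "passes Referer stage"
        print(method, meta["HTTP_X_FORWARDED_PROTO"], "->", outcome)
```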