Django Admin Login 403 Forbidden (CSRF cookie not set.)
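I am trying to log in to the admin panel, but I get a 403 Forbidden error. Last week there was no error. I have not changed anything. I have tried almost every solution for the same problem on Stack Overflow. Please help me! Thanks for reading. I apologize for my bad English.
System: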
Ubuntu 16.04
Python 3.5
Django 2.0
Gunicorn
Nginx
iRedMail
django debug.log
Exception while resolving variable 'is_popup' in template 'admin/login.html'.
Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 829, in _resolve_lookup
    current = current[bit]
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/context.py", line 83, in __getitem__
    raise KeyError(key)
KeyError: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 835, in _resolve_lookup
    if isinstance(current, BaseContext) and getattr(type(current), bit):
AttributeError: type object 'RequestContext' has no attribute 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 843, in _resolve_lookup
    current = current[int(bit)]
ValueError: invalid literal for int() with base 10: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 850, in _resolve_lookup
    (bit, current)) # missing attribute
django.template.base.VariableDoesNotExist: Failed lookup for key [is_popup] in [{'False': False, 'None': None, 'True': True}, {'base_url': 'domain.com', 'DEFAULT_MESSAGE_LEVELS': {'DEBUG': 10, 'SUCCESS': 25, 'WARNING': 30, 'ERROR': 40, 'INFO': 20}, 'perms': <django.contrib.auth.context_processors.PermWrapper object at 0x7f3ea494a128>, 'messages': <django.contrib.messages.storage.fallback.FallbackStorage object at 0x7f3ea4977240>, 'request': <WSGIRequest: GET '/admin/login/?next=/admin/'>, 'user': <SimpleLazyObject: <django.contrib.auth.models.AnonymousUser object at 0x7f3ea4977278>>, 'csrf_token': <SimpleLazyObject: <function csrf.<locals>._get_val at 0x7f3ea49a2048>>, 'categories': <QuerySet [<Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>]>}, {}, {'site_url': '/', 'next': '/admin/', 'title': 'Oturum aç', 'view': <django.contrib.auth.views.LoginView object at 0x7f3ea4977320>, 'username': '', 'LANGUAGE_BIDI': False, 'site': <django.contrib.sites.requests.RequestSite object at 0x7f3ea4977630>, 'site_name': 'www.domain.com', 'LANGUAGE_CODE': 'TR', 'form': <AdminAuthenticationForm bound=False, valid=Unknown, fields=(username;password)>, 'available_apps': [], 'site_title': '', 'has_permission': False, 'app_path': '/admin/login/?next=/admin/', 'site_header': ''}]
Forbidden (CSRF cookie not set.): /admin/login/
/etc/nginx/sites-enabled/00-default.conf
#
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server{
    listen 80;
    server_name www.domain.com;

    location = /favicon.ico { access_log off; log_not_found off; }

    location /static/ {
        root /home/xxx/xxx;
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location /media/ {
        root /home/xxx/xxx;
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/home/xxx/xxx/domain.sock;
        add_header X-Xss-Protection "1; mode=block" always;
        add_header X-Content-Type-Options nosniff;
        add_header 'Referrer-Policy' 'no-referrer';
        add_header Content-Security-Policy "default-src 'self';";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    }
}

server {
    # Listen on ipv4
    listen 443;
    # Listen on ipv6.
    # Note: this setting listens on both ipv4 and ipv6 with Nginx release
    # shipped in some Linux/BSD distributions.
    #listen [::]:80;
    server_name https://mail.domain.com;
}
Solved
Modified the settings.py file to contain the following lines:
CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
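I want to add some more information here... The documentation does not recommend turning off csrf...
I hope it helps someone...
You can also add the following to the context_processors setting: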
'django.template.context_processors.csrf',
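This line should automatically include the csrf token in templates... so it should eliminate the csrf cookie not set error...
Honestly, I put this line in my settings, but since I had used the solution above in my settings, which fixed my 'cookie not set' problem, I can't confirm 100% that it helps with this error... but it is another way to solve csrf token problems...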
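Why the Secure flag matters for this error, as an added example that is not code from the question or the answers: Python's standard-library cookie jar stands in for the browser, and `csrf_verdict` is a simplified model of the server-side check, not Django's own code. It assumes the cookies were marked Secure before the fix while the site in the posted nginx config is served over plain HTTP on port 80; the token value and helper names are constructed.

```python
import email.message
import http.cookiejar
import urllib.request

# Constructed sample values; the host is the placeholder used in the question.
HTTP_LOGIN = "http://www.domain.com/admin/login/"
HTTPS_LOGIN = "https://www.domain.com/admin/login/"
SECURE_COOKIE = "csrftoken=CONSTRUCTEDTOKEN; Path=/; Secure"
PLAIN_COOKIE = "csrftoken=CONSTRUCTEDTOKEN; Path=/"


class FakeResponse:
    # CookieJar only needs info() returning the response headers.
    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_header_on_post(get_url, set_cookie, post_url):
    """Return the Cookie header a client sends on the login POST, or None."""
    jar = http.cookiejar.CookieJar()
    # GET of the login page: the client stores the server's Set-Cookie.
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(get_url))
    # POST of the login form: the jar decides which cookies may go back.
    post = urllib.request.Request(post_url, data=b"username=x", method="POST")
    jar.add_cookie_header(post)
    return post.get_header("Cookie")


def csrf_verdict(cookie_header):
    """Simplified model of the check behind the log line in the question."""
    if not cookie_header or "csrftoken=" not in cookie_header:
        return "Forbidden (CSRF cookie not set.)"
    return "cookie present, token comparison proceeds"


if __name__ == "__main__":
    for label, url, cookie in [
        ("Secure cookie, HTTP site", HTTP_LOGIN, SECURE_COOKIE),
        ("non-Secure cookie, HTTP site", HTTP_LOGIN, PLAIN_COOKIE),
        ("Secure cookie, HTTPS site", HTTPS_LOGIN, SECURE_COOKIE),
    ]:
        print(f"{label}: {csrf_verdict(cookie_header_on_post(url, cookie, url))}")
```

The third case is the alternative to the settings change above: keeping `CSRF_COOKIE_SECURE` and `SESSION_COOKIE_SECURE` enabled works once the admin is actually served over HTTPS, whereas setting them to False lets the session and CSRF cookies travel over unencrypted HTTP.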