Twilio - how to handle inbound sms

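I just created an account on Twilio, and I was able to configure things so that I can send SMS from a Django application I wrote.

However, now I am trying to understand what happens with inbound SMS.

EDIT: I configured a URL on my Django application to perform some actions, and then I configured Twilio to hit that URL when an inbound message arrives.

However, this process fails, and I get this response from Twilio (see below). It seems to be related to security, right?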

```html
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta http-equiv="content-type" content="text/html; charset=utf-8">
            <meta name="robots" content="NONE,NOARCHIVE">
                <title>403 Forbidden</title>
                <style type="text/css">
    html * { padding:0; margin:0; }
    body * { padding:10px 20px; }
    body * * { padding:0; }
    body { font:small sans-serif; background:#eee; color:#000; }
    body>div { border-bottom:1px solid #ddd; }
    h1 { font-weight:normal; margin-bottom:.4em; }
    h1 span { font-size:60%; color:#666; font-weight:normal; }
    #info { background:#f6f6f6; }
    #info ul { margin: 0.5em 4em; }
    #info p, #summary p { padding-top:10px; }
    #summary { background: #ffc; }
    #explanation { background:#eee; border-bottom: 0px none; }
  </style>
            </head>
            <body>
                <div id="summary">
                    <h1>Forbidden 
                        <span>(403)</span>
                    </h1>
                    <p>CSRF verification failed. Request aborted.</p>
                    <p>You are seeing this message because this HTTPS site requires a “Referer header” to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>
                    <p>If you have configured your browser to disable “Referer” headers, please re-enable them, at least for this site, or for HTTPS connections, or for “same-origin” requests.</p>
                    <p>If you are using the &lt;meta name=&quot;referrer&quot; content=&quot;no-referrer&quot;&gt; tag or including the “Referrer-Policy: no-referrer” header, please remove them. The CSRF protection requires the “Referer” header to do strict referer checking. If you’re concerned about privacy, use alternatives like &lt;a rel=&quot;noreferrer&quot; …&gt; for links to third-party sites.</p>
                </div>
                <div id="info">
                    <h2>Help</h2>
                    <p>Reason given for failure:</p>
                    <pre>
    Referer checking failed - no Referer.
    </pre>
                    <p>In general, this can occur when there is a genuine Cross Site Request Forgery, or when
  
                        <a
  href="https://docs.djangoproject.com/en/3.1/ref/csrf/">Django's
  CSRF mechanism</a> has not been used correctly.  For POST forms, you need to
  ensure:
                    </p>
                    <ul>
                        <li>Your browser is accepting cookies.</li>
                        <li>The view function passes a 
                            <code>request</code> to the template's 
                            <a
    href="https://docs.djangoproject.com/en/dev/topics/templates/#django.template.backends.base.Template.render">
                                <code>render</code>
                            </a>
    method.
                        </li>
                        <li>In the template, there is a 
                            <code>{% csrf_token
    %}</code> template tag inside each POST form that
    targets an internal URL.
                        </li>
                        <li>If you are not using 
                            <code>CsrfViewMiddleware</code>, then you must use
    
                            <code>csrf_protect</code> on any views that use the 
                            <code>csrf_token</code>
    template tag, as well as those that accept the POST data.
                        </li>
                        <li>The form has a valid CSRF token. After logging in in another browser
    tab or hitting the back button after a login, you may need to reload the
    page with the form, because the token is rotated after a login.</li>
                    </ul>
                    <p>You're seeing the help section of this page because you have 
                        <code>DEBUG =
  True</code> in your Django settings file. Change that to 
                        <code>False</code>,
  and only the initial error message will be displayed.  
                    </p>
                    <p>You can customize this page using the CSRF_FAILURE_VIEW setting.</p>
                </div>
            </body>
        </html>
```


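If you want to receive inbound SMS, you need to create a webhook, which lets you run your code when an SMS is received (you can reply or take some other action). Otherwise the message will be lost. Read this for details and this for a sample code in Django.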

Solved the problem with this tutorial from Twilio. I was missing the validator, so Django would not let the request in.

https://www.twilio.com/docs/usage/tutorials/how-to-secure-your-django-project-by-validating-incoming-twilio-requests
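An added example (not part of the original posts and not Twilio's tutorial code): a standard-library version of the check a request validator performs, following Twilio's documented scheme for form-encoded webhooks (base64 of HMAC-SHA1, keyed with the account auth token, over the full URL plus the sorted POST parameters). The function names and sample values are constructed for illustration, and single-valued parameters are assumed; this signature check is what takes the place of Django's CSRF check on a webhook view that is exempted from it.

```python
import base64
import hashlib
import hmac


def compute_signature(auth_token: str, url: str, params: dict) -> str:
    """base64(HMAC-SHA1(auth_token, url + key1 + value1 + ...)), keys sorted."""
    data = url + "".join(key + params[key] for key in sorted(params))
    digest = hmac.new(auth_token.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def is_valid_twilio_request(auth_token, url, params, header_signature) -> bool:
    """True only when the X-Twilio-Signature value matches the expected one."""
    if not header_signature:
        return False  # unsigned request: anyone on the internet can send this
    expected = compute_signature(auth_token, url, params)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(expected.encode(), header_signature.encode())


def handle_inbound_sms(auth_token, url, params, headers):
    """Framework-neutral stand-in for the webhook view: returns (status, body)."""
    signature = headers.get("X-Twilio-Signature")
    if not is_valid_twilio_request(auth_token, url, params, signature):
        return 403, "Forbidden"
    return 200, "<Response></Response>"  # empty TwiML: accept, send no reply


# Constructed sample values (not real credentials, URLs or phone numbers).
AUTH_TOKEN = "constructed-auth-token"
URL = "https://example.com/sms/inbound/"
PARAMS = {"From": "+15550100", "To": "+15550199", "Body": "hello"}

if __name__ == "__main__":
    good = compute_signature(AUTH_TOKEN, URL, PARAMS)
    print(handle_inbound_sms(AUTH_TOKEN, URL, PARAMS, {"X-Twilio-Signature": good}))
    print(handle_inbound_sms(AUTH_TOKEN, URL, PARAMS, {}))
```

The URL passed in must be the exact public URL configured in Twilio (scheme, host, path and query string); behind a TLS-terminating proxy the application may see `http://` and compute a different signature.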