What does this error mean?: "Forbidden (Referer checking failed - no Referer.):"
I have a website running, which appears to be working fine. Yet, now I've seen this error in the logs for the first time.
Forbidden (Referer checking failed - no Referer.): /pointlocations/
[pid: 4143|app: 0|req: 148/295] 104.176.70.209 () {48 vars in 1043 bytes} [Wed Jul 26 19:49:35 2017] POST /pointlocations/?participant=A2TYLR23CHRULH&assignmentId=3P4MQ7TPPYF65ANAUBF8A3B38A0BB6 => generated 2737 bytes in 2 msecs (HTTP/1.1 403) 1 headers in 51 bytes (1 switches on core 0)
It happens when posting to /pointlocations/, but only for one specific person (each participant is unique per account, so I know it's only one person having this problem repeatedly). Over 500+ other participants have had no such problem/error.
What does this error mean, what is likely causing it and can I fix this?
TLDR: Try to use the csrf_exempt decorator for your view:
    from django.http import HttpResponse
    from django.views.decorators.csrf import csrf_exempt

    @csrf_exempt
    def my_webhook(request):
        # Do some stuffs...
        # Return an HttpResponse, as Django expects a response from the view
        return HttpResponse(status=200)
You should only do this when absolutely necessary, to avoid potential security vulnerabilities.
More:
I faced a similar problem while working on a web-hook called by a third-party which is a payment solution. The Django view for that web-hook is called by the third-party to notify us every time the payment status changes (goes from 'open' to 'paid' for example).
As the payment platform only provides a payment ID in the request POST, the CSRF check should not be performed. Django allows you to do this through the csrf_exempt decorator.
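Added example, not part of the original question or answer and not Django's own code: a simplified Python model of the Referer rule that Django's CSRF middleware applies to unsafe requests over HTTPS, which is the check behind the log message in the question. The host example.com and the sample requests are constructed; Origin-header handling in newer Django versions and the token check that follows are left out.

```python
# Simplified model of the Referer rule behind the 403 in the question.
# Illustration only: not Django's source. ALLOWED_HOST and SAMPLES are constructed.
from urllib.parse import urlsplit

ALLOWED_HOST = "example.com"  # hypothetical site host
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def referer_check(method, is_secure, headers, exempt=False):
    """Return None if the request passes this stage, else the rejection reason."""
    if exempt:
        return None  # view is marked csrf_exempt: no CSRF checks at all
    if method in SAFE_METHODS:
        return None  # safe methods are not checked
    if not is_secure:
        return None  # the strict Referer rule applies to HTTPS requests only
    referer = headers.get("Referer")
    if referer is None:
        # The case in the question: header absent (stripped by a browser
        # setting, extension or proxy, or never sent by a non-browser client).
        return "Referer checking failed - no Referer."
    parts = urlsplit(referer)
    if not parts.scheme or not parts.netloc:
        return "Referer checking failed - Referer is malformed."
    if parts.scheme != "https":
        return "Referer checking failed - Referer is insecure while host is secure."
    if parts.netloc != ALLOWED_HOST:
        return "Referer checking failed - %s does not match any trusted origins." % referer
    return None  # Referer accepted; the CSRF token is validated next


# Constructed sample requests: (method, is_secure, headers)
SAMPLES = {
    "normal form post": ("POST", True, {"Referer": "https://example.com/pointlocations/"}),
    "referer stripped": ("POST", True, {}),
    "http referer": ("POST", True, {"Referer": "http://example.com/pointlocations/"}),
    "other site": ("POST", True, {"Referer": "https://other.example/page"}),
}


def run_samples():
    return {name: referer_check(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, reason in run_samples().items():
        print(name, "->", reason or "passes on to the token check")
```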