使用pythonanywhere SSL证书的隐私错误
I have a payment gateway in my web-app that requires an SSL certificate to work properly.
该网络应用是django网络应用,托管于 pythonanywhere .我使用了他们的自动续订我们的加密证书来添加SSL证书,并使网站作为 HTTPS 网站加载.
the web-app is a django web-app hosted at pythonanywhere. I used their Auto-renewing Let's Encrypt certificate to add an SSL certificate and make the website load as an HTTPS website.
该网站现在作为 HTTPS 网站加载,但是退出支付网关后,我仍然收到如下所示的隐私"错误
The website now loads as an HTTPS website but when exiting the payment gateway I still get a Privacy error as follows
Your connection is not private
Attackers might be trying to steal your information from <my domain> (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
我不确定自己在做什么错
I am not sure what I am doing wrong
- 我正在使用从GoDaddy购买的自定义域
- 我按照此链接设置了SSL证书
- 我还在pythonanywhere中启用了强制-https .
- 我将视图中的回调URL从
http://< my_domain> .org/payment/status/更改为https://< my_domain> .org/payment/status/ - 回调URL页面不包含任何http链接.只是一个css文件,如下所示:
< link rel ="stylesheet"href =&"; {%static'css/paymentstatus.css'%}'>
- I am using a custom domain that I bought from GoDaddy
- I followed this link to setup the SSL certificate
- I have also enabled forcing-https in pythonanywhere.
- I changed the callback url in my views from
http://<my_domain>.org/payment/status/tohttps://<my_domain>.org/payment/status/ - The callback url page does not contain any http links. Just a css file as follows
<link rel="stylesheet" href="{% static 'css/paymentstatus.css' %}">
请注意,当我访问该网站时,它显示为 https .只有在调用回调URL时,它才会返回隐私"错误.
Please note that when I visit the website, it shows as https. It is only when calling the callback URL does it return the Privacy error.
在本地系统中使用 ngrok 尝试此错误时,我没有遇到此错误.此错误仅在 pythonanywhere 中发生.
I did not face this error when I tried it in my local system with ngrok. This error occurs only with pythonanywhere.
nslookup mydomain.org
▶ nslookup mydomain.org
Server: 2405:201:e011:3804::c0a8:1d01
Address: 2405:201:e011:3804::c0a8:1d01#53
Non-authoritative answer:
Name: mydomain.org
Address: IP_ADDRESS
挖掘mydomain.org
▶ dig mydomain.org
; <<>> DiG 9.10.6 <<>> mydomain.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8056
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;mydomain.org. IN A
;; ANSWER SECTION:
mydomain.org. 225 IN A IP_ADDRESS
;; Query time: 2 msec
;; SERVER: 2405:201:e011:3804::c0a8:1d01#53(2405:201:e011:3804::c0a8:1d01)
;; WHEN: Fri Jan 15 14:18:23 IST 2021
;; MSG SIZE rcvd: 51
我将网址从 https://< my_domain> .org/更改为 https://www.< my_domain> .org/.这将导致404错误.我在下面添加了views.py和url.py
I changed the url from https://<my_domain>.org/ to https://www.<my_domain>.org/. This leads to a 404 error. I have added my views.py and url.py below
views.py
def donate(request):
if request.method == "POST":
form = DonateForm(request.POST)
name = request.POST.get('firstName')
phone = request.POST.get('phone')
email = request.POST.get('email')
amount = float("{0:.2f}".format(int(request.POST.get('amount'))))
ord_id = OrdID()
cust_id = CustID()
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status/",
}
paytm_params['CHECKSUMHASH'] = Checksum.generate_checksum(paytm_params, MERCHANTKEY)
if form.is_valid():
form.save()
return render(request, 'paytm.html', {'paytm_params': paytm_params})
else:
form = DonateForm()
context = {'Donate': form}
return render(request, 'donate.html', context=context)
@csrf_exempt
def handlerequest(request):
if request.method == "POST":
form = request.POST
response_dict = {}
for i in form.keys():
response_dict[i] = form[i]
if i == 'CHECKSUMHASH':
checksum = form[i]
print(checksum)
verify = Checksum.verify_checksum(response_dict, MERCHANTKEY, checksum)
if verify:
if response_dict['RESPCODE'] == '01':
print('order successful')
else:
print('error: ' + response_dict['RESPMSG'])
return render(request, 'paymentstatus.html', {'response': response_dict})
urls.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
[解决方案]
首先,URL的 www.作为答案表明了问题所在.这样就解决了404错误.
[SOLUTION]
Firstly the www. to the url as the answer indicates was the issue. The 404 error was solved like this.
显示视图中的路径,URL中的路径应该相同.这为我解决了这个问题.
turns out the path in views and the path in urls should be the same. This solved the issue for me.
def donate(request):
...
paytm_params = {
"MID" : MERCHANTID,
"WEBSITE" : "DEFAULT",
"INDUSTRY_TYPE_ID" : "Retail",
"CHANNEL_ID" : "WEB",
"ORDER_ID" : ord_id,
"CUST_ID" : cust_id,
"MOBILE_NO" : phone,
"EMAIL" : email,
"TXN_AMOUNT" : str(amount),
"CALLBACK_URL" : "https://www.<my_domain>.org/payment/status",
...
urls.py
urlpatterns = [
...
path('donate', views.donate, name='donate'),
path('payment/status', views.handlerequest, name='handlerequest'),
...
]
请注意,在urls.py中,路径如下所述 payment/status .以前,在视图中,路径最后使用斜线,例如 https://www.< my_domain> .org/payment/status/.最终消除斜线对我有用.
Note that in the urls.py the path is as follows payment/status. Previously in views the path had a slash in the end like this https://www.<my_domain>.org/payment/status/. Removing the slash in the end worked for me.
如果您的网站是在PythonAnywhere上设置的,则可能位于 https://www.< my_domain> .org/,不是 https://< my_domain> .org/.因此,如果您的回调URL开头不包含 www.,请尝试添加它,看看是否可以解决问题.
If your site is set up on PythonAnywhere, it's probably at https://www.<my_domain>.org/, not https://<my_domain>.org/. So if your callback URL does not include the www. at the start, then try adding it and see if that fixes the problem.