CSRF Failed: Referer checking failed - no Referer
postman模拟登录出了这个错误,其实看标题就知道大概是怎么回事,网上大概找了办法,也没说到位,所以干脆自己找源码了.
问题很明显就是出在 CSRF 上,理所当然去查看 CsrfViewMiddleware 中间件:
1 class CsrfViewMiddleware(object): 2 3 def _accept(self, request): 4 5 request.csrf_processing_done = True 6 return None 7 8 def _reject(self, request, reason): 9 logger.warning('Forbidden (%s): %s', reason, request.path, 10 extra={ 11 'status_code': 403, 12 'request': request, 13 } 14 ) 15 return _get_failure_view()(request, reason=reason) 16 17 def process_view(self, request, callback, callback_args, callback_kwargs): 18 19 if getattr(request, 'csrf_processing_done', False): 20 return None 21 22 try: 23 csrf_token = _sanitize_token( 24 request.COOKIES[settings.CSRF_COOKIE_NAME]) 25 request.META['CSRF_COOKIE'] = csrf_token 26 except KeyError: 27 csrf_token = None 28 29 request.META["CSRF_COOKIE"] = _get_new_csrf_key() 30 31 return None 32 e that anything not defined as 'safe' by RFC2616 needs protection 33 if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'): 34 if getattr(request, '_dont_enforce_csrf_checks', False): 35 return self._accept(request) 36 37 if request.is_secure(): 38 referer = force_text( 39 request.META.get('HTTP_REFERER'), 40 strings_only=True, 41 errors='replace' 42 ) 43 if referer is None: 44 return self._reject(request, REASON_NO_REFERER) # 问题就出在这里 45 46 good_referer = 'https://%s/' % request.get_host() 47 if not same_origin(referer, good_referer): 48 reason = REASON_BAD_REFERER % (referer, good_referer) 49 return self._reject(request, reason) 50 51 if csrf_token is None: 52 return self._reject(request, REASON_NO_CSRF_COOKIE) 53 request_csrf_token = "" 54 if request.method == "POST": 55 try: 56 request_csrf_token = request.POST.get('csrfmiddlewaretoken', '') 57 except IOError: 58 pass 59 60 if request_csrf_token == "": 61 request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '') 62 63 if not constant_time_compare(request_csrf_token, csrf_token): 64 return self._reject(request, REASON_BAD_TOKEN) 65 66 return self._accept(request)
首先在文件里面搜索报错的信息字符串,找到这个:
REASON_NO_REFERER = "Referer checking failed - no Referer."
然后搜索 REASON_NO_REFERER 就会找到上面的那一段代码中出错的位置.(为什么写这些东西,因为我有个同学就是从来都不会找出错原因,方法有时候比结论更重要)
然后代码里面说的很清楚了, referer = request.META.get('HTTP_REFERER')
这就说明请求头里面没有 REFERER这个信息,都知道的,Django会把自定义的请求头大写并在前面添加 HTTP_ ,所以在postman的header里面添加这个 referer 字段就好了.
注意,referer的格式是 https://www.domain.com/. 后面有个点
然后就OK了
多说两句,看看人家django多贴心,如果是post请求的话,会尝试从两个地方获取csrftoken,请求体里面可以放,就算忘了放,还会从请求头里面拿(54行 - 64行)
转载于:https://www.cnblogs.com/haiton/p/10715120.html
CSRF Failed: Referer checking failed - no Referer相关推荐
- 访问django后台,提示CSRF验证失败. 请求被中断.Referer checking failed - **** does not match any trust
1.非debug模式看到的报错 2.settings打开debug模式,才能把报错信息看的详细 3.去settings.py中,找到CsrfViewMiddleware 中间件,点击进入 4.搜索匹配 ...
- WCF 内存入口检查失败 Memory gates checking failed
WCF 内存入口检查失败 Memory gates checking failed 异常信息:内存入口检查失败,因为可用内存(xxx 字节)少于总内存的 xx%.因此,该服务不可用于传入的请求.若 ...
- gitlab报错 fatal: index-pack failed error: RPC failed; result=18, HTTP code = 200解决方案
gitlab报错 "fatal: index-pack failed error: RPC failed; result=18, HTTP code = 200",如下图 这个问题 ...
- vboxdrv.sh failed modprobe vboxdrv failed. Please use 'dmesg' to find out why
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why. There were problems ...
- Android studio之迁移定制出现Installation failed with message Failed to finalize session
1.问题 把之前能运行的android studio项目换了个目录,但是运行出现这个错误 Installation failed with message Failed to finalize ses ...
- 用sqoop把hdfs数据存储到mysql报错,Job job_1566707990804_0002 failed with state FAILED due to: Tas k failed
用sqoop把hdfs数据存储到mysql数据库,报错 Job job_1566707990804_0002 failed with state FAILED due to: Tas k failed ...
- Installation failed with message Failed to finalize session : INSTALL_FAILED_INVALID_APK:
bug 记录: Installation failed with message Failed to finalize session : INSTALL_FAILED_INVALID_APK: 解决 ...
- unpacking of archive failed: cpio: lstat failed - Not a directory
今天在公司服务器上安装rpm包的时候报了一个奇怪的cpio错误.(大部分错误可以重装cpio或者重新下载rpm包可以解决) unpacking of archive failed: cpio: lst ...
- OCI runtime create failed: runc create failed: unable to start container process: --docker加载镜像
OCI runtime create failed: runc create failed: unable to start container process: exec: "env&qu ...
最新文章
- ubuntu14.04如何在线安装eclipse以及C/C++开发组件,搭建软件开发平台
- 常用分类算法的优缺点
- UA MATH564 概率分布1 二项分布下
- Java实现插值查找算法 Insert search
- 计组-输入输出系统小结
- Head First设计模式之备忘录模式
- python编辑器背景设置为黑色_VScode 配置为Python编辑器
- 服务器位置设置在哪里找,服务器主页在哪里设置方法
- 李飞飞李佳“逆风翻盘”:谷歌全新AutoML产品发布,AI客服规模化商用
- 互联网卫星地图服务比较
- 企业微信员工离职后,还能看聊天记录吗?
- 《长安十二时辰》中的计算社会学 | 数据科学赋能人文创新论坛
- 弹性力学,塑性力学,流变学,连续介质力学,断裂力学,流体力学基本定义及关系
- Ubuntu下插入网线无法联网的问题
- Android禁止截屏
- Python 实现文本共现网络分析
- 爬虫之使用代理ip爬取
- 字符串的初始化(详解)
- Intel芯片组大全最新版
- Pulmonary nodule detection in CT scans with equivariant CNNs
热门文章
- 苹果手机数据恢复工具
- QML官方系列教程——Use Case - Animations In QML
- c语言 --- 基本输入输出
- WPF 使用Command,CommandParameter向 MVVM传递多个参数
- 内网穿透工具:钉钉HTTP内网穿透使用与讲解
- 爬虫取中间文本_Python爬虫追美剧?你咋这么溜溜溜上篇
- MAVEN项目报错:An internal error occurred during: Updating Maven Project java.lang.NullPoint
- 视频+白皮书 | Kyligence 与 Kylin 功能差异详解
- MySQL数据库学习笔记 4/24
- 【新书推荐】【2020.02】飞机导航系统状态预测的概率统计方法