Django admin returns 403 Forbidden error on Microsoft Edge after consecutive POST saves or edits

末鹿安然 提交于 2019-12-13 03:58:34

问题


I get a 403 Forbidden error after saving or editing elements from the Django admin on Microsoft Edge. I'm logged in as superuser, so I have all the permissions for adding/editing elements through the admin. The problem appears when I successfully add a new element and then choose "save and continue editing" or "save and add another": the second modification/creation always fails with the 403 error. It works in all the other browsers; only Microsoft Edge fails. Any ideas?

I'm using Django 1.11.7.

Here is an example of my settings.py:

import os
import raven
from core.run_environment import RunEnvironment

def gettext(s):
    """Return *s* unchanged.

    LANGUAGES wraps its display names with this function (presumably so
    they are picked up as translatable strings without importing Django's
    translation machinery inside settings -- confirm).
    """
    return s


# Environment marker supplied by the project's own RunEnvironment helper.
CURRENT_ENV = RunEnvironment.current_env()

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
_settings_path = os.path.abspath(__file__)
BASE_DIR = os.path.dirname(os.path.dirname(_settings_path))

# Blank in this posted listing. Django refuses to start with an empty
# SECRET_KEY, so the deployed file must carry a real value; it signs
# sessions and other tokens, so keep it out of version control and out of
# anything pasted publicly.
SECRET_KEY = ''

# Debug pages are enabled only when the detected environment is LOCAL.
DEBUG = (CURRENT_ENV == RunEnvironment.LOCAL)

# Host header values this site will answer to.
ALLOWED_HOSTS = [
    '127.0.0.1',
    'mysite.mydomain.com',
]

# NOTE(review): the leading dot scopes the session and CSRF cookies to every
# subdomain of mydomain.com, so any other host under that domain receives
# them and can set them. Use the exact host unless cross-subdomain sharing
# is really needed.
# NOTE(review): no SESSION_COOKIE_SECURE / CSRF_COOKIE_SECURE appears in this
# listing although the quoted 403 shows the site runs over HTTPS -- confirm
# they are set elsewhere.
DOMAIN = '.mydomain.com'
CSRF_COOKIE_DOMAIN = SESSION_COOKIE_DOMAIN = DOMAIN

# Extra hosts accepted by the HTTPS Referer check for unsafe requests.
# Django 1.11 takes bare host names here; newer releases require a scheme.
# The 403 quoted in the question is the "no Referer was sent" rejection,
# which is raised before this list is consulted, so adding entries here is
# not expected to change it.
CSRF_TRUSTED_ORIGINS = [
    'mysite.mydomain.com',
    '127.0.0.1',
]


# (name, e-mail) pairs; MANAGERS reuses the very same tuple as ADMINS.
ADMINS = MANAGERS = (
    ('Admin name', 'admin@adminemail.com'),
)

# Applications enabled for this project. The order is kept exactly as posted:
# 'admintheme' sits ahead of 'django.contrib.admin' (presumably so its
# templates and static files take precedence over the stock admin -- confirm).
INSTALLED_APPS = [
    'django.contrib.sites',
    'admintheme',
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'accounts',
    # django-allauth: account handling configured by the ACCOUNT_* settings.
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    # Sentry client integration (see RAVEN_CONFIG).
    'raven.contrib.django.raven_compat',
    'ajax_select',
    'mptt',
    'geoposition',
    'adminsortable2',
    'easy_thumbnails',
    'filer',
    'subscriptions',
    'ckeditor',
    'ckeditor_filebrowser_filer',
    'core',
    'hitcount',
]

# Middleware is applied top to bottom on the request and in reverse on the
# response, so the order below is part of the behaviour.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # Sessions must be available before AuthenticationMiddleware runs.
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # CSRF enforcement. On HTTPS requests it also requires a Referer header;
    # that check is what produces the 403 text quoted in the question.
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Adds the X-Frame-Options response header (clickjacking protection).
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Project-specific middleware; its behaviour is not shown in this listing.
    'core.middleware.TimezoneMiddleware',
]

# Entry points: URL configuration, WSGI callable and the django.contrib.sites id.
ROOT_URLCONF = 'mysite.urls'
WSGI_APPLICATION = 'mysite.wsgi.application'
SITE_ID = 1

# Context processors made available to every template render.
_context_processors = [
    'django.template.context_processors.debug',
    'django.template.context_processors.request',
    'django.contrib.auth.context_processors.auth',
    'django.contrib.messages.context_processors.messages',
    'core.context_processors.app_name'
]

# A single Django-template engine that only looks inside app directories
# (DIRS is empty, APP_DIRS is on).
TEMPLATES = [
    dict(
        BACKEND='django.template.backends.django.DjangoTemplates',
        DIRS=[],
        APP_DIRS=True,
        OPTIONS={'context_processors': _context_processors},
    ),
]

# ======================================================================================================================
# Database
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
# ======================================================================================================================

def _postgres_connection():
    """Return a fresh connection dict for the local PostgreSQL server.

    NAME, USER and PASSWORD are blank in this posted listing; real values
    belong in the deployment's secret store or environment, not in a file
    that gets shared.
    """
    return {
        # Legacy alias of 'django.db.backends.postgresql'; still accepted by
        # the Django 1.11 release this project runs on.
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': '',
        'USER': '',
        'PASSWORD': '',
        'HOST': '127.0.0.1',
    }


# One 'default' connection per run environment. In the listing as posted all
# three environments carry the same (blanked) values.
CONFIG_DATABASES = {
    env: {'default': _postgres_connection()}
    for env in (RunEnvironment.LIVE, RunEnvironment.STAGE, RunEnvironment.LOCAL)
}

# Django reads only DATABASES; pick the entry for the detected environment.
DATABASES = CONFIG_DATABASES[CURRENT_ENV]


# ======================================================================================================================
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
# ======================================================================================================================

# Django's four stock password validators. No OPTIONS are given, so each one
# runs with its built-in defaults.
AUTH_PASSWORD_VALIDATORS = [
    {'NAME': dotted_path}
    for dotted_path in (
        'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
        'django.contrib.auth.password_validation.MinimumLengthValidator',
        'django.contrib.auth.password_validation.CommonPasswordValidator',
        'django.contrib.auth.password_validation.NumericPasswordValidator',
    )
]


# ======================================================================================================================
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
# ======================================================================================================================

# Translation, locale-aware formatting and timezone-aware datetimes are all on.
USE_I18N = True
USE_L10N = True
USE_TZ = True

# Values are stored in UTC; the default language is Italian.
TIME_ZONE = 'UTC'
LANGUAGE_CODE = 'it'

# Italian is the only enabled language; the English entry stays commented out.
LANGUAGES = (
    ('it', gettext('Italiano')),
    # ('en', gettext('English')),
)

# ======================================================================================================================
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.11/howto/static-files/
# ======================================================================================================================

# URL prefixes under which collected static files and uploaded media are served.
STATIC_URL, MEDIA_URL = '/static/', '/media/'

# Both directories live beside BASE_DIR rather than inside it: the '..'
# segment is passed through os.path.join un-normalised.
# NOTE(review): MEDIA_ROOT receives uploaded files; make sure the web server
# serves that directory as static content only.
STATIC_ROOT = os.path.join(BASE_DIR, '../static/')
MEDIA_ROOT = os.path.join(BASE_DIR, '../media/')


# ======================================================================================================================
# Custom Auth
# ======================================================================================================================

# The project replaces Django's stock user with its own model.
AUTH_USER_MODEL = 'accounts.User'


# ======================================================================================================================
# REST Framework
# ======================================================================================================================

# API defaults: session-cookie authentication, authenticated users only,
# JSON-only rendering, limit/offset pagination with 200 items per page.
# SessionAuthentication applies Django's CSRF check to authenticated unsafe
# requests, so API writes from the browser need a valid CSRF token as well.
REST_FRAMEWORK = dict(
    DEFAULT_AUTHENTICATION_CLASSES=(
        'rest_framework.authentication.SessionAuthentication',
    ),
    DEFAULT_PERMISSION_CLASSES=[
        'rest_framework.permissions.IsAuthenticated',
    ],
    DEFAULT_RENDERER_CLASSES=[
        'rest_framework.renderers.JSONRenderer',
    ],
    DEFAULT_PAGINATION_CLASS='rest_framework.pagination.LimitOffsetPagination',
    PAGE_SIZE=200,
)


# ======================================================================================================================
# Django Allauth
# ======================================================================================================================

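# Authentication backends, tried in the order listed.
# (The posted listing had a stray "`allauth`" fragment after the opening
# parenthesis -- apparently the remains of a stripped comment -- which made
# the file a syntax error; it is removed here.)
AUTHENTICATION_BACKENDS = (
    # Django's built-in model backend; kept alongside allauth so the admin
    # login continues to work.
    'django.contrib.auth.backends.ModelBackend',

    # django-allauth's backend for its own login methods (e-mail login here,
    # per ACCOUNT_AUTHENTICATION_METHOD).
    'allauth.account.auth_backends.AuthenticationBackend',
)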

# Accounts are identified by e-mail only: no username field on the user
# model, e-mail required, username not required.
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
ACCOUNT_USER_MODEL_USERNAME_FIELD = None

# The sign-up form asks for the password twice.
ACCOUNT_SIGNUP_PASSWORD_ENTER_TWICE = True

# Mail sent while DEBUG is on carries a 'DEBUG: ' marker in its subject.
ACCOUNT_EMAIL_SUBJECT_PREFIX = 'DEBUG: MySite.com - ' if DEBUG else 'MySite.com - '

# Project-specific allauth adapter (its code is not part of this listing).
ACCOUNT_ADAPTER = 'accounts.adapter.AccountAdapter'

# NOTE(review): with this on, a plain GET to the logout URL ends the session,
# so any page that makes the browser fetch that URL can log a user out. The
# allauth documentation itself cautions against changing state on GET; the
# default (False) asks for a confirming POST.
ACCOUNT_LOGOUT_ON_GET = True

# E-mail addresses are unique and must be verified before login is allowed.
ACCOUNT_UNIQUE_EMAIL = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'

# NOTE(review): opening the confirmation link (a GET) confirms the address
# and, with LOGIN_ON_EMAIL_CONFIRMATION, may also sign the visitor in. Mail
# scanners and link previewers that pre-fetch URLs can trigger the
# confirmation; treat the link as a credential.
ACCOUNT_CONFIRM_EMAIL_ON_GET = True
ACCOUNT_LOGIN_ON_EMAIL_CONFIRMATION = True
ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL = '/accounts/email-confirmed/'

# ======================================================================================================================
# Easy Thumbnails
# ======================================================================================================================

# Processing pipeline, applied in the order listed. The filer processor sits
# in the scale-and-crop position (presumably replacing easy_thumbnails' own
# scale_and_crop so filer's subject location is honoured -- confirm).
THUMBNAIL_PROCESSORS = (
    'easy_thumbnails.processors.colorspace',
    'easy_thumbnails.processors.autocrop',
    'filer.thumbnail_processors.scale_and_crop_with_subject_location',
    'easy_thumbnails.processors.filters',
)

# High-resolution thumbnail support is switched on.
THUMBNAIL_HIGH_RESOLUTION = True


# ======================================================================================================================
# CKEditor
# ======================================================================================================================

def _ckeditor_profile(toolbar_rows, **plugin_options):
    """Build one CKEditor profile.

    Every profile is full width and uses the 'Custom' toolbar made of
    *toolbar_rows*; *plugin_options* are appended as extra keys.
    """
    profile = {
        'width': '100%',
        'toolbar': 'Custom',
        'toolbar_Custom': toolbar_rows,
    }
    profile.update(plugin_options)
    return profile


# Two editor profiles. Both drop the stock 'image' plugin; 'default' adds the
# filer image plugin instead.
# NOTE(review): 'default' exposes the 'Source' button, i.e. raw HTML editing.
# If the stored markup is later rendered unescaped, sanitise it on the server
# and restrict who may use this profile.
CKEDITOR_CONFIGS = {
    'default': _ckeditor_profile(
        [
            ['Bold', 'Italic', 'Underline'],
            ['NumberedList', 'BulletedList', '-', 'Outdent', 'Indent', '-', 'JustifyLeft', 'JustifyCenter', 'JustifyRight', 'JustifyBlock'],
            ['Link', 'Unlink'],
            # ['FilerImage'],
            ['RemoveFormat', 'Source']
        ],
        extraPlugins='filerimage',
        removePlugins='image',
    ),
    'dashboard': _ckeditor_profile(
        [
            ['Bold', 'Italic', 'Underline'],
            ['NumberedList', 'BulletedList'],
            ['RemoveFormat']
        ],
        removePlugins='image',
    ),
}


# ======================================================================================================================
# Geoposition
# ======================================================================================================================

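# Blank in this posted listing. A real key should be restricted (for example
# by HTTP referrer) in the provider console, since it ends up in pages sent
# to the browser -- TODO confirm how the geoposition widget exposes it.
GEOPOSITION_GOOGLE_MAPS_API_KEY = ''


# ======================================================================================================================
# Sentry
# ======================================================================================================================

# Error reporting is configured only outside debug mode. Uses the same plain
# truthiness test as the other DEBUG branch in this file instead of the
# identity comparison `DEBUG is False`.
if not DEBUG:
    RAVEN_CONFIG = {
        # Blank in this posted listing; a DSN can embed credentials, so keep
        # the real one out of version control.
        'dsn': '',
    }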


# ======================================================================================================================
# Django Notifications
# ======================================================================================================================

# NOTE(review): no notifications app appears in the INSTALLED_APPS list of
# this listing -- confirm this setting is still read by something.
NOTIFICATIONS_USE_JSONFIELD = True


# ======================================================================================================================
# Celery
# ======================================================================================================================

# Periodic-task schedule is read from the database; results go back over RPC.
# NOTE(review): the scheduler class lives in django_celery_beat, which is not
# in the INSTALLED_APPS list shown here -- confirm it is installed.
CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers:DatabaseScheduler'
CELERY_RESULT_BACKEND = 'rpc://'

# Blank in this posted listing. Broker URLs commonly carry a username and
# password, so load the real one from the environment or a secret store.
CELERY_BROKER_URL = ''

Django returns the 403 error this way (this is the CSRF check's missing-Referer message, not a permissions error):

Forbidden (403)

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

来源:https://stackoverflow.com/questions/52252990/django-admin-returns-403-forbidden-error-on-microsoft-edge-after-consecutive-pos
