In my Django project's settings.py for deployment i want mywebsite.com to be the allowed hosts but putting it so throws the 500 error.
For production server when i use:
ALLOWED_HOSTS = ['localhost', 'mywebsite.com']
It throws error 500 on every page.
But if i change it to
ALLOWED_HOSTS = ['*']
It works fine.
I checked error.log of nginx but there is not error logged.
But i guess its not safe to keep * and i just want to keep mywebsite.com or www.mywebsite.com
Please suggest why its throwing 500 error.
Thanks
Probably a duplicate of Allowed Host Setting for Django on EC2 where I can find the answer working fine (as they have accepted it). Please try it like and check if this works.
ALLOWED_HOSTS = ['.mywebsite.com']
Related
I had a working page running Django with channels via Nginx, Daphne, Redis, and Gunicorn. After pulling an update from Github my index page now shows "Bad Request (400)" with nothing helpful in the console except for missing favicon. My settings.py has DEBUG = False and ALLOWED_HOSTS = ['AWS_IP']. Can anyone help me figure out what might be causing this?
When I'm using publicPath: '/static/' in my webpack config, my Vue.js app runs fine on a Django Webserver (both dev and production).
However now I'm trying to use history mode. I have to change the publicPath to "/", otherwise the URL always gets a "/static/" in between the domain and actual target.
The Vue.js dev server still runs fine, however both production and development Django server give me these errors in the browser console:
Uncaught SyntaxError: Unexpected token < Resource interpreted as
Stylesheet but transferred with MIME type text/html:
"http://127.0.0.1:8000/6.01a214ce.css".
I've tried several different solutions like:
publicPath: './'
assetsPublicPath: '/static/'
inside base html (gave me an error on compilation)
How can I resolve this issue?
it was actually a framework issue.. im using Quasar..
For some reason you have to change
base: process.env.VUE_ROUTER_BASE,
to
base: "/",
in router/index.js as the default seems to take the static url when you are using Django..
maybe it helps somebody
I'm configuring my flask app to run under iis with a reverse proxy. Basically my setup is like this:
external.domain.com:8000 ->
Reverse Proxy IIS ->
interal.network.net ->
iis (wfastcgi/flask)
The app's urls and content is loading correctly, but anything that deals with a session is not working:
Message flashing - no messages are flashed
Login cookies - not able to login at all
I've configured the flask app with these relevent config variables:
SERVER_NAME = 'internal.network.net'
SESSION_COOKIE_DOMAIN = 'external.domain.com'
I have an IIS rewrite rule set up on the external server:
Pattern: (.*)
Rewrite URL: http://internal.network.net/{R:1}
Is there anything else I need to configure to get sessions working correctly?
Not sure if this is the correct way of doing things but apparently excluding the properties SERVER_NAME and SESSION_COOKIE_DOMAIN actually fixes the issue.
Hope this helps someone.
I am porting a Django application to Flask, but am hitting this error on my last step: configuring it to run behind nginx/gunicorn. In Django, this threw a similar error message. To get rid of this error in Django you simply added ALLOWED_HOSTS to settings, but I cannot find anything comparable in the source code for flask_wtf.csrf
When I fill out a POST form and submit it, it fails with Bad Request Referrer checking failed - origin does not match..
Googling that string, I came to the source code of flask_wtf.csrf.CsrfProtect here. This is checking the referrer against the host. Manually executing that code myself, I can see that it compares the host:port of my nginx to the host:port of my gunicorn, and it is failing because my gunicorn port is on a different port than nginx.
Here is the relevant source code in that file, with my comments as annotation
# Presumably, good_referrer is Gunicorn, request.referrer is Nginx
# In Django's csrf source code, there is a list of ALLOWED_HOSTS to check against, instead
def protect(self):
#...
# If I change WTF_CSRF_SSL_STRICT to false, it doesn't fail
# But I should be able to check the referrer against a list of allowed hosts
if request.is_secure and self._app.config['WTF_CSRF_SSL_STRICT']:
#...
good_referrer = 'https://%s/' % request.host
if not same_origin(request.referrer, good_referrer):
reason = 'Referrer checking failed - origin does not match.'
return self._error_response(reason)
#... (line 262)
def same_origin(current_uri, compare_uri):
parsed_uri = urlparse(current_uri)
parsed_compare = urlparse(compare_uri)
if parsed_uri.scheme != parsed_compare.scheme:
return False
# The hostname includes the host:port
# This is where I think the failure occurs
# As Nginx is on a different port than gunicorn
if parsed_uri.hostname != parsed_compare.hostname:
return False
if parsed_uri.port != parsed_compare.port:
return False
return True
Im getting 500 internal server error everytime I try access my admin or login page. There's nothing in my error.log
Any ideas ?
Set DEBUG = True so that you can see the Django traceback
My DEBUG was set True. I found the error on my apache_log. The problem was that my sqlite3 database was a read only file.