[Bug] CSRF Cookie not set errors #82

haesookim opened this issue Nov 23, 2019 · 7 comments
Labels: backend, bug, help wanted

Comments

@haesookim
Contributor

haesookim commented Nov 23, 2019

Forbidden (CSRF cookie not set.):

Currently documented in a Windows environment and in incognito mode on Mac
(worked on my machine!! :( )

Edit: Worked up until the feature/implement-auth-backend branch, possibly an issue with the feature/redirections branch, but there have been no updates to user/views.py regarding signin()?

Re-edit: Doesn't work at feature/implement-auth-backend on a different computer, but works on my device with cookies erased, doesn't work in incognito mode. Need troubleshooting.

@haesookim added the bug, help wanted, and backend labels Nov 23, 2019
@haesookim
Contributor Author

Never mind, doesn't work either when I clear cookies :(

@haesookim
Contributor Author

haesookim commented Nov 23, 2019

Options that have been tried:

  • Installing django-cors-headers and using CorsMiddleware
  • Adding the following code to settings.py (base.py in our case)

```python
CORS_ORIGIN_WHITELIST = [
    'http://localhost:3000',  # comma needed: adjacent string literals are concatenated
    'http://127.0.0.1:3000'
]
CORS_ALLOW_CREDENTIALS = True
CSRF_USE_SESSIONS = True  # stores the CSRF token in the session instead of a cookie

CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_NAME = "csrftoken"
```

  • Adding the following to the actions file
    • defaults.xsrfCookieName and HeaderName were already included in the index.js of the actions file & index.js of the src folder. Neither works.

```javascript
axios.defaults.xsrfCookieName = "csrftoken";
axios.defaults.xsrfHeaderName = "X-CSRFTOKEN";
axios.defaults.withCredentials = true;
```

  • Seen issues
    • Request header safely includes cookies & X-CSRFTOKEN, still receive 403 error
    • when called via 127.0.0.1:3000, request headers do not include cookies or X-CSRFTOKEN header (?????)
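
An added example, not part of the original comment or the project's code: a small check of a Django settings mapping for conditions that leave an axios client without a readable CSRF cookie or without a matching CORS origin. `check_csrf_settings` and both sample dicts are constructed for illustration, and it is an assumption that the client reads the token from a cookie.

```python
import re

def check_csrf_settings(settings, client_reads_cookie=True):
    """Return a list of findings for a Django settings mapping."""
    findings = []
    for origin in settings.get("CORS_ORIGIN_WHITELIST", []):
        # 'a' 'b' without a comma is ONE string literal in Python, so two
        # origins silently merge into an entry no Origin header can match.
        if len(re.findall(r"https?://", origin)) > 1:
            findings.append(f"merged origins (missing comma?): {origin!r}")
    if client_reads_cookie:
        name = settings.get("CSRF_COOKIE_NAME", "csrftoken")
        if settings.get("CSRF_USE_SESSIONS"):
            # The token is kept in the session; Django sets no CSRF cookie.
            findings.append(f"CSRF_USE_SESSIONS=True: no {name!r} cookie is set")
        if settings.get("CSRF_COOKIE_HTTPONLY"):
            # The cookie exists but document.cookie cannot see it.
            findings.append(f"CSRF_COOKIE_HTTPONLY=True: {name!r} hidden from JS")
    return findings

# Constructed sample: whitelist written without a comma, token kept in session.
TRIED = {
    "CORS_ORIGIN_WHITELIST": ["http://localhost:3000" "http://127.0.0.1:3000"],
    "CORS_ALLOW_CREDENTIALS": True,
    "CSRF_USE_SESSIONS": True,
    "CSRF_COOKIE_NAME": "csrftoken",
}

# Constructed sample: separate origins, token delivered in a readable cookie.
ADJUSTED = {
    "CORS_ORIGIN_WHITELIST": ["http://localhost:3000", "http://127.0.0.1:3000"],
    "CORS_ALLOW_CREDENTIALS": True,
    "CSRF_USE_SESSIONS": False,
    "CSRF_COOKIE_NAME": "csrftoken",
}

if __name__ == "__main__":
    for label, cfg in (("tried", TRIED), ("adjusted", ADJUSTED)):
        print(label, check_csrf_settings(cfg) or "no findings")
```

With `CSRF_USE_SESSIONS` or `CSRF_COOKIE_HTTPONLY` enabled, Django's documentation has the client take the token from the rendered page instead of from a cookie.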

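@haesookim
Contributor Author

@ktaebum TA, could you possibly give us some advice on how to solve this kind of problem...? (So sorry to bother you on the weekend! It's fine if you answer during the week.)
The code currently being troubleshot is on the hotfix/login-csrf-error branch, and we are working on fixing a problem that occurs in views.signin() of the user app (it does look like all POST requests, such as signup, are blocked...!)
We confirmed that it works when the csrf_exempt decorator is used.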

@haesookim
Contributor Author

haesookim commented Nov 23, 2019

Cases: (standard is the signin command)

  • Works in ARC with token value set
  • Does not work in incognito mode, my machine
  • Does work in regular mode, my machine (doesn't seem to work in other machines)

@ktaebum

ktaebum commented Nov 23, 2019

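I haven't looked at the rest yet, so I'm not sure about it, but
there is an issue where it does not work in incognito mode (Team 1 said the reason they could not show their demo at the midterm presentation was that they ran it in secret mode).
I'll take a look at the other parts myself as well.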

@ktaebum

ktaebum commented Nov 25, 2019

@haesookim maybe same issue? swsnu/swppfall2019#209

@haesookim
Contributor Author

Thank you!! I'll give it a try!
