  1. How to disable Django's CSRF protection behind a proxy
<p>I need to run a Django system (let's call it Alfred) behind a proxy. Both are on the same network. As the proxy I use yuri vandermeer's django-httpproxy (see his page yvandermeer.net).</p>
<p>Both systems are running Django version 1.2.4.</p>
<p>Both systems are in the same (closed) network and also on the same IP. I have the proxy running on port 8000 and Alfred on port 1337. I need to log on to Alfred using its /admin site, which comes by default with Django (and which I have enabled). This is working via port 1337, but I need to access it via port 8000.</p>
<p>When I try it, Alfred throws a 403 CSRF error and tells me that I'm actually something like a man-in-the-middle (and Alfred is completely right when it's saying so).</p>
<p>I tried several things to disable Alfred's CSRF protection:</p>
<ol>
<li>I commented out the CsrfViewMiddleware in MIDDLEWARE_CLASSES in settings.py.</li>
<li><p>I created a disable.py and added its DisableCSRF class to MIDDLEWARE_CLASSES (actually I tried each[!] position) as mentioned on this site (questions/1785772 )</p>
<pre><code># disable.py
class DisableCSRF(object):
    def process_request(self, request):
        # CsrfViewMiddleware skips its check when this attribute is set on the request
        setattr(request, '_dont_enforce_csrf_checks', True)</code></pre></li>
<li><p>I created a disable.py and added its DisableCSRF class to MIDDLEWARE_CLASSES (again I tried each position) as mentioned in this other post here: <a href="http://hi.baidu.com/ledzep2/blog/item/e6b1612e21884c5c4ec2267a.html" rel="nofollow">http://hi.baidu.com/ledzep2/blog/item/e6b1612e21884c5c4ec2267a.html</a></p>
<pre><code># disable.py
class DisableCSRF(object):
    def process_view(self, request, callback, callback_args, callback_kwargs):
        # Same flag as above, set at the view-processing stage instead
        setattr(request, '_dont_enforce_csrf_checks', True)</code></pre></li>
<li><p>I tried to comment out the CSRF protection mechanism in django/middleware/csrf.py, but I found the relevant part around line 190, not around line 160 as mentioned on this site: questions/1650941/</p></li>
</ol>
<p>None of the things mentioned worked. I always get a 403 error when I try to log on via /admin.</p>
<p>How can I disable the CSRF protection on Alfred? Is it possible to just disable it for /admin? I'd prefer if I could do this with a middleware as mentioned in 2. and 3. and not by commenting something out in the source as in 4. If there is a middleware way, that would be great.</p>
<p>Thanks in advance! :)</p>
 
