[Bug] CSRF Cookie not set errors

swsnu / swpp2019-team5

WearHouse - Your very own fashion Warehouse

3 stars 4 forks source link

[Bug] CSRF Cookie not set errors #82

Open haesookim opened 4 years ago

haesookim commented 4 years ago

Forbidden (CSRF cookie not set.):

Currently documented in Windows environment and incognito mode MAC (worked in my machine!! :( )

Edit: Worked up until feature/implement-auth-backend branch, possibly issue with feature/redirections branch but there has been no updates to user/views.py regarding signin()?

Re-edit: Doesn't work at feature/implement-auth-backend in different computer, but works in my device with cookies erased, doesn't work at incognito mode. Need troubleshooting.

haesookim commented 4 years ago

Nevermind, doesn't work either when I clear cookies :(

haesookim commented 4 years ago

Options that have been tried:

Installing django-cors-headers and using corsMiddleware

adding the following code to settings.py (base.py in our case)


CORS_ORIGIN_WHITELIST = [
'http://localhost:3000'
'http://127.0.0.1:3000'
]
CORS_ALLOW_CREDENTIALS = True
CSRF_USE_SESSIONS = True

CSRF_COOKIE_SECURE = False SESSION_COOKIE_SECURE = False CSRF_COOKIE_NAME = "csrftoken"

* Adding the following to the actions file 
  + defauls.xsrfCookieName and HeaderName were already included in the index.js of the actions file & index.js of the src folder. Neither works.

axios.defaults.xsrfCookieName = "csrftoken"; axios.defaults.xsrfHeaderName = "X-CSRFTOKEN"; axios.defaults.withCredentials = true;



* Seen issues
  + Request header safely inclues cookies & X-CSRFTOKEN, still receive 403 error
  + when called via 127.0.0.1:3000, request headers do not include cookies or X-CSRFTOKEN header (?????)

haesookim commented 4 years ago

@ktaebum 조교님 혹시 이런 문제를 어떻게 해결하면 좋을지 조언을 주실 수 있을까요...? (주말에 정말 죄송합니다! 주중에 답 주셔도 괜찮습니다ㅠㅠ) 지금 troubleshooting 중인 코드는 hotfix/login-csrf-error 브랜치 에 있고, user app의 views.signin()에서 문제가 생긴 것을 해결하고 있습니다 (모든 signup 등 POST request가 막혀 있는 것 같아 보이기는 합니다...!) csrf_exempt decorator를 사용했을 때는 되는 것을 확인했습니다ㅠㅠ

haesookim commented 4 years ago

Cases: (standard is the signin command)

Works in ARC with token value set
Does not work in incognito mode, my machine
Does work in regular mode, my machine (doesn't seem to work in other machines)

ktaebum commented 4 years ago

다른건 아직 안 봐서 보르겠지만 incognito mode에서는 안 되는 이슈가 있습니다 (Team 1이 중간 발표 때 데모를 못 보여줬던 이유가 secret 모드에서 실행해서 그랬다고 했습니다) 다른 부분은 저도 한 번 확인을 해보겠습니다

ktaebum commented 4 years ago

@haesookim maybe same issue? https://github.com/swsnu/swppfall2019/issues/209

haesookim commented 4 years ago

감사합니다!! 시도해보겠습니다!