Open haesookim opened 4 years ago
Nevermind, doesn't work either when I clear cookies :(
Options that have been tried:
CORS_ORIGIN_WHITELIST = [
    'http://localhost:3000',
    'http://127.0.0.1:3000',
]
CORS_ALLOW_CREDENTIALS = True
CSRF_USE_SESSIONS = True
CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_NAME = "csrftoken"
* Adding the following to the actions file
+ defaults.xsrfCookieName and HeaderName were already included in the index.js of the actions file & index.js of the src folder. Neither works.
axios.defaults.xsrfCookieName = "csrftoken";
axios.defaults.xsrfHeaderName = "X-CSRFTOKEN";
axios.defaults.withCredentials = true;
* Seen issues
+ Request header safely includes cookies & X-CSRFTOKEN, still receive 403 error
+ When called via 127.0.0.1:3000, request headers do not include cookies or X-CSRFTOKEN header (?????)
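@ktaebum (TA), could you possibly give some advice on how to solve this kind of problem...? (Really sorry to bother you on the weekend! It's fine to reply during the week :( ) The code I'm currently troubleshooting is on the hotfix/login-csrf-error branch, and I'm working on fixing a problem that occurs in views.signin() of the user app (though it does look like all POST requests, such as signup, are being blocked...!) I confirmed that it works when I use the csrf_exempt decorator :(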
Cases: (standard is the signin command)
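I haven't looked at the rest yet so I'm not sure, but there is an issue where it doesn't work in incognito mode (Team 1 said the reason they couldn't show their demo at the midterm presentation was that they ran it in secret mode). I'll take a look at the other parts myself as well.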
@haesookim maybe same issue? https://github.com/swsnu/swppfall2019/issues/209
Thank you!! I'll give it a try!
Forbidden (CSRF cookie not set.):
Currently documented in Windows environment and incognito mode on Mac (worked on my machine!! :( )
Edit: Worked up until the feature/implement-auth-backend branch, possibly an issue with the feature/redirections branch, but there have been no updates to user/views.py regarding signin()?
Re-edit: Doesn't work at feature/implement-auth-backend on a different computer, but works on my device with cookies erased, doesn't work in incognito mode. Need troubleshooting.