zmister2016 / MrDoc

mrdoc, an online document system developed in Python. It is suitable for individuals and small teams to manage documents, wiki, knowledge and notes. MrDoc (觅思文档) is an online document and knowledge base system suitable for individuals and small to medium-sized teams.
https://mrdoc.pro/
GNU General Public License v3.0
2.94k stars 549 forks

After deploying with nginx+uwsgi, documents cannot be created and the page just keeps spinning. Has anyone run into this? #48

Closed CoolSoybean closed 3 years ago

CoolSoybean commented 3 years ago

GET /create_doc/ => generated 52748 bytes in 263 msecs (HTTP/1.1 200) 6 headers in 332 bytes (1 switches on core 1)
POST /create_project/ => generated 1889 bytes in 184 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 0)
POST /create_project/ => generated 1889 bytes in 232 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 1)
POST /create_project/ => generated 1889 bytes in 181 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 0)
POST /create_project/ => generated 1889 bytes in 172 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 1)
POST /create_project/ => generated 1889 bytes in 172 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 0)
POST /create_project/ => generated 1889 bytes in 216 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 1)
POST /create_project/ => generated 1889 bytes in 184 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 0)
POST /create_project/ => generated 1889 bytes in 171 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 1)
POST /create_project/ => generated 1889 bytes in 193 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 0)
POST /create_doc/ => generated 1889 bytes in 182 msecs (HTTP/1.1 403) 5 headers in 155 bytes (1 switches on core 1)

CoolSoybean commented 3 years ago

I found that POST requests fail with Status Code: 403 Forbidden. The exact message is as follows:

Forbidden (403) CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

If you are using the <meta name="referrer" content="no-referrer"> tag or including the 'Referrer-Policy: no-referrer' header, please remove them. The CSRF protection requires the 'Referer' header to do strict referer checking. If you're concerned about privacy, use alternatives like <a rel="noreferrer" ...> for links to third-party sites.

CoolSoybean commented 3 years ago

@zmister2016 The policy in all of the meta tags in the templates needs to be changed, and then it works.

zmister2016 commented 3 years ago

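@CoolSoybean Thanks for the feedback. I just looked at the PR you submitted; it changes the <meta name="referrer" content="no-referrer"> in the HTML pages. That tag was set earlier so that externally linked videos inside documents would play. Let me test it and see whether the two can be made compatible. Also, the template files are undergoing major changes at the moment, so the PR may not be merged. I hope you understand.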

CoolSoybean commented 3 years ago

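Thanks for the reply. Which policy to use does need a careful look. This probably just solves my problem for the time being 😄. Could an English version be added during this major rework?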

zmister2016 commented 3 years ago

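Much of the Chinese text in the HTML templates has already been wrapped in Django translation tags, but with limited time and energy, no translations have been done.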

Jonnyan404 commented 3 years ago

As expected, it did affect iframe external-link playback in editormd; other editors are not affected.

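Also, regarding the endless spinning: according to feedback in the group chat, some cases are caused by the nginx firewall of the BaoTa panel (宝塔面板) blocking POST requests.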

zmister2016 commented 3 years ago

The latest code has fixed the related issues; the fix will be included in version 0.6.6.
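
Added example (not part of the thread, and not MrDoc or Django code): a simplified Python model of the strict Referer check quoted in the 403 message, run against three Referrer-Policy values to show which ones let a same-origin HTTPS POST through and what a third-party embed receives. The URLs, function names and the set of policies modelled are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (assumptions, not taken from the issue).
PAGE = "https://docs.example.test/create_doc/"          # page holding the form
POST_TARGET = "https://docs.example.test/create_project/"
EMBED = "https://video.example.net/embed/1"             # third-party iframe

def origin(url):
    p = urlsplit(url)
    return p.scheme, p.hostname, p.port or {"http": 80, "https": 443}[p.scheme]

def referer_sent(policy, page, target):
    """Referer a browser attaches under `policy`; None means the header is omitted."""
    same = origin(page) == origin(target)
    if policy == "no-referrer":
        return None
    if policy == "same-origin":
        return page if same else None
    if policy == "strict-origin-when-cross-origin":
        if same:
            return page
        src, dst = urlsplit(page), urlsplit(target)
        if src.scheme == "https" and dst.scheme != "https":
            return None                      # nothing is sent on HTTPS -> HTTP
        return f"{src.scheme}://{src.netloc}/"
    raise ValueError(f"policy not modelled: {policy}")

def strict_referer_ok(request_url, referer):
    """Simplified strict Referer check for an HTTPS POST (token check not modelled)."""
    req = urlsplit(request_url)
    if req.scheme != "https":
        return True, "plain HTTP: Referer not required"
    if referer is None:
        return False, "no Referer header"
    ref = urlsplit(referer)
    if ref.scheme != "https":
        return False, "Referer is not HTTPS"
    if ref.netloc != req.netloc:
        return False, "Referer host mismatch"
    return True, "Referer matches host"

def evaluate(policy):
    """Return (is the same-site POST accepted?, Referer the third-party embed sees)."""
    ok, _ = strict_referer_ok(POST_TARGET, referer_sent(policy, PAGE, POST_TARGET))
    return ok, referer_sent(policy, PAGE, EMBED)

if __name__ == "__main__":
    for policy in ("no-referrer", "same-origin", "strict-origin-when-cross-origin"):
        print(policy, evaluate(policy))
```

In this model `same-origin` keeps the Referer on the site's own POST endpoints while still withholding it from the embedded third-party host; whether that is enough for a given video host is something to test against the real deployment.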