Django Admin登录403 Forbidden(未设置CSRF cookie。)

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Django Admin登录403 Forbidden(未设置CSRF cookie。)相关的知识,希望对你有一定的参考价值。

我正在尝试登录管理面板,但我收到403 Forbidden错误。上周,没有错误。我什么都没改变。我几乎在StackOverFlow中尝试了所有相同问题的解决方案。请帮我!谢谢阅读。我为我可怜的英语道歉。

系统:

Ubuntu 16.04
Python 3.5
Django 2.0
Gunicorn
nginx
iRedMail

django debug.log

    Exception while resolving variable 'is_popup' in template 'admin/login.html'.
Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 829, in _resolve_lookup
    current = current[bit]
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/context.py", line 83, in __getitem__
    raise KeyError(key)
KeyError: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 835, in _resolve_lookup
    if isinstance(current, BaseContext) and getattr(type(current), bit):
AttributeError: type object 'RequestContext' has no attribute 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 843, in _resolve_lookup
    current = current[int(bit)]
ValueError: invalid literal for int() with base 10: 'is_popup'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/xxx/xxx/xxx/lib/python3.5/site-packages/django/template/base.py", line 850, in _resolve_lookup
    (bit, current))  # missing attribute
django.template.base.VariableDoesNotExist: Failed lookup for key [is_popup] in [{'False': False, 'None': None, 'True': True}, {'base_url': 'domain.com', 'DEFAULT_MESSAGE_LEVELS': {'DEBUG': 10, 'SUCCESS': 25, 'WARNING': 30, 'ERROR': 40, 'INFO': 20}, 'perms': <django.contrib.auth.context_processors.PermWrapper object at 0x7f3ea494a128>, 'messages': <django.contrib.messages.storage.fallback.FallbackStorage object at 0x7f3ea4977240>, 'request': <WSGIRequest: GET '/admin/login/?next=/admin/'>, 'user': <SimpleLazyObject: <django.contrib.auth.models.AnonymousUser object at 0x7f3ea4977278>>, 'csrf_token': <SimpleLazyObject: <function csrf.<locals>._get_val at 0x7f3ea49a2048>>, 'categories': <QuerySet [<Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>, <Category: ASD>]>}, {}, {'site_url': '/', 'next': '/admin/', 'title': 'Oturum aç', 'view': <django.contrib.auth.views.LoginView object at 0x7f3ea4977320>, 'username': '', 'LANGUAGE_BIDI': False, 'site': <django.contrib.sites.requests.RequestSite object at 0x7f3ea4977630>, 'site_name': 'www.domain.com', 'LANGUAGE_CODE': 'TR', 'form': <AdminAuthenticationForm bound=False, valid=Unknown, fields=(username;password)>, 'available_apps': [], 'site_title': '', 'has_permission': False, 'app_path': '/admin/login/?next=/admin/', 'site_header': ''}]
Forbidden (CSRF cookie not set.): /admin/login/

/etc/Nginx/sites-enabled/00-default.conf

#
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server{
    listen 80;
    server_name www.domain.com;

     location = /favicon.ico { access_log off; log_not_found off; }
     location /static/ {
     root /home/xxx/xxx;
     expires 1M;
     access_log off;
     add_header Cache-Control "public";
}

location /media/ {
     root /home/xxx/xxx;
     expires 1M;
     access_log off;
     add_header Cache-Control "public";
}
location / {
     include proxy_params;
     proxy_pass http://unix:/home/xxx/xxx/domain.sock;
     add_header X-Xss-Protection "1; mode=block" always;
     add_header X-Content-Type-Options nosniff;
     add_header 'Referrer-Policy' 'no-referrer';
     add_header Content-Security-Policy "default-src 'self';";
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

}
server {
     # Listen on ipv4
     listen 443;

     # Listen on ipv6.
     # Note: this setting listens on both ipv4 and ipv6 with Nginx release
     #       shipped in some Linux/BSD distributions.
     #listen [::]:80;
     server_name https://mail.domain.com;
}
答案

已解决修改了具有以下行的文件settings.py:

CSRF_COOKIE_SECURE = False
SESSION_COOKIE_SECURE = False

以上是关于Django Admin登录403 Forbidden(未设置CSRF cookie。)的主要内容,如果未能解决你的问题,请参考以下文章

Django:handler403 不起作用,但 404 起作用

使用jinjia2时报错 (admin.E403) A ‘django.template.backends.django.DjangoTemplates’ instance must be confi

django 403 禁止 - 重定向到登录

为啥 Django 管理员登录给我 403 CSRF 错误?

django 自带的admin登录页面可以换自己做的登录页面吗?

在 centOS 上运行 phpmyadmin - 禁止错误 (403)