开发者

ModSecurity error with Django

I'm trying to access a Django page through a Facebook App (iframe) I made using fb.py on DreamHost and I keep getting an internal server error.

Looking in the error logs, this is what I see:

ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer

I think it just has to do with the POST request. Somebody else asked about this error on a number of forums almost a year ago, to no avail:

ModSecurity: Output filter: Failed to read bucket (rc 104): Connection reset by peer

All I could find searching was this at http://www.modsecurity.org:

"When mod_security denies such a request, it sends an error bucket with开发者_如何学编程 e.g. code 403 down the output filter chain, leaving r->status as is (e.g. 500)."

Any ideas? Thanks!


Have you implemented CSRF protection as per https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax ?

Note to cross-check with the version of Django you are using.


So I've spent way too much time trying to figure this out. I've settled on a (slightly shitty) work-around: add {% csrf_token %} to any place in your template (I'm assuming you passed in the context_instance=RequestContext(request) argument to your render_to_response or whatever).

I think what is happening is that the cookie doesn't actually get set (this can be confirmed through inspecting the cookies in any browser's development tools). Adding the above code to your template forces this. I have a feeling that this may be remedied in later versions of Django, and it seems as though there are obvious fixes for 1.4+ (e.g., see here). Unfortunately dreamhost has stuck us with 1.2.3, so we need to make do.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜