Django CSRF. Can I POST from subdomain to main domain?

I have looked at similar discussions but can't seem to find an answer to my question.

I'm working on an app in which each account will have their own instance served on a subdomain: http://account.myawesomeapp.com.

The users will log in from this page and the login form will be posted to https://myawesomeapp.com/my_login_view/. Afterwards I will do some username/account hashing and DB auth session things, and redirect to: http://account.myawesomeapp.com/registration/handoff// - which will then log in the user and delete the auth session entry.

However, although I have set CSRF_COOKIE_DOMAIN to '.myawesomeapp.com', I get a CSRF error when posting from the subdomain to the main domain.

Is this not possible? Will I have to create a special subdomain for my SSL login needs?

I hope my question makes sense and that I've not messed up the Django terms and conventions :)

UPDATE:

I found this blog entry: http://zachsnow.com/#!/blog/2012/django-subdomains-csrf-and-https/

Will that method work? Is it safe?

UPDATE 2:

Tried Zach's approach and it didn't work... I keep getting this error:

Reason given for failure: CSRF cookie not set.
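
Which requests a browser attaches a CSRF cookie to in the setup described above, as an added example that is not part of the original post and is not Django's code. It is a simplified model of RFC 6265 cookie matching (path and expiry are ignored); the `Cookie` class and the function names are made up for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Constructed scenario using the two URLs from the question.
FORM_URL = "http://account.myawesomeapp.com/"
LOGIN_URL = "https://myawesomeapp.com/my_login_view/"


@dataclass
class Cookie:
    set_by_host: str               # host whose response carried Set-Cookie
    domain: Optional[str] = None   # Domain attribute; None means host-only
    secure: bool = False           # Secure attribute


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3; a leading dot on the attribute is ignored."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def is_sent(cookie: Cookie, url: str) -> bool:
    """Would a browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if cookie.secure and parts.scheme != "https":
        return False  # Secure cookies never travel over plain HTTP
    if cookie.domain is None:
        return host == cookie.set_by_host.lower()  # host-only: exact match
    return domain_match(host, cookie.domain)


def scenarios() -> dict:
    sub = "account.myawesomeapp.com"
    host_only = Cookie(sub)                            # no Domain attribute
    shared = Cookie(sub, domain=".myawesomeapp.com")   # CSRF_COOKIE_DOMAIN value
    shared_secure = Cookie("myawesomeapp.com", domain=".myawesomeapp.com", secure=True)
    return {
        "host_only_to_login": is_sent(host_only, LOGIN_URL),
        "shared_to_login": is_sent(shared, LOGIN_URL),
        "shared_secure_to_login": is_sent(shared_secure, LOGIN_URL),
        "shared_secure_to_form": is_sent(shared_secure, FORM_URL),
    }


if __name__ == "__main__":
    for name, sent in scenarios().items():
        print(f"{name}: {'sent' if sent else 'not sent'}")
```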
