Forums

403 for web request, 200 for browser request

Hello!

I've catch a some issue in my payd accont.

http://great.new.vitosap.ru/payment_return/ is working fine if I open it with browser

But when 3rd party service is request for this page I see 403 error

5.196.121.217 - - [02/Feb/2018:14:57:45 +0000] "POST /payment_return/ HTTP/1.1" 403 1374 "-" "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0" "_._.121.217" response-time=0.013
deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:05 p.m. | permalink

If you opened it in a browser, you made a get request. That log is showing a post request. You have not set your view to accept post requests.

Staff glenn | 9498 posts | PythonAnywhere staff | Feb. 2, 2018, 3:18 p.m. | permalink

OMG! Tocken!

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:19 p.m. | permalink

Hello, glenn!

This is just test Django view

def payment_return( request ):
    from django.http import HttpResponse
        return HttpResponse( 'ok' )

What I need to do?

deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:25 p.m. | permalink

I've found it in errors

2018-02-02 14:57:45,543: Forbidden (CSRF cookie not set.): /megakassa_payment_return/
deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:39 p.m. | permalink

I wrote

from django.views.decorators.csrf import csrf_exempt
@csrf_exempt
def payment_return( request ):
    ...

And now

 5.196.121.217 - - [02/Feb/2018:15:42:44 +0000] "POST /payment_return/ HTTP/1.1" 200 476 "-" "Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0" "_.___.121.217" response-time=0.401
deleted-user-3267984 | 5 posts | Feb. 2, 2018, 3:49 p.m. | permalink

Cool

Staff glenn | 9498 posts | PythonAnywhere staff | Feb. 2, 2018, 4:56 p.m. | permalink

i have use csrf_exempt still i get 403 error, please help me out! The request works fine in local machine but csrf verification failed in production.

Beloved premium user harshdonga | 9 posts | Jan. 28, 2021, 8:19 a.m. | permalink

We need to know more to help you. How does your code look like?

Staff fjl | 4352 posts | PythonAnywhere staff | Jan. 28, 2021, 9:37 a.m. | permalink