I deployed a drf api in apache server , when i access it from the same machine it work fine (get and post requests and also database connections all works good) , but when I try it from another machine in the same network i got two errors specially if it’s a post request or there is a connection with database , the first one before sending anything it said
"HTTP 405 Method Not Allowed"
and if I try to send post requests it said
"CSRF Failed: CSRF token missing or incorrect."
and also if there is a get request has connections to database i got 500 server error .
I tried to follow the documentation and also looked for these questions 1 , 2 but didn’t help , actually I’m not even sure what cause these problems .
Note : when i try just runserver command it works fine from other machines .
here is virtual host and settings.py .
virtual host:
<VirtualHost 192.168.100.102:8001 _default_:8001>
DocumentRoot /opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/myproject
ServerAdmin [email protected]
# Set the path to your Django project
WSGIDaemonProcess myproject python-home=/opt/bitnami/projects/chatbotQZ/sources/env/ python-path=/opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/myproject
WSGIProcessGroup myproject
WSGIScriptAlias / /opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/myproject/wsgi.py
# Configure access to static files
Alias /static/ /opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/static
<Directory /opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/static>
Require all granted
</Directory>
<Directory /opt/bitnami/projects/chatbotQZ/sources/team_city/myproject/myproject>
Require all granted
</Directory>
ErrorLog /opt/bitnami/projects/chatbotQZ/sources/logs/drfapp_error.log
CustomLog /opt/bitnami/projects/chatbotQZ/sources/logs/drfapp_access.log combined
</VirtualHost>
settings.py :
"""
Django settings for myproject project.
Generated by 'django-admin startproject' using Django 3.2.18.
For more information on this file, see
https://docs.djangoproject.com/en/3.2/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/3.2/ref/settings/
"""
import os
from pathlib import Path
# Build paths inside the project like this: BASE_DIR / 'subdir'.
BASE_DIR = Path(__file__).resolve().parent.parent
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/3.2/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'django-insecure-=z(3%l&3lrwvz16411c!-kjqaeb#@644o4$cd&go!w0ymi6(30'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
#ALLOWED_HOSTS = ['127.0.0.1']
ALLOWED_HOSTS = ['192.168.100.102']
# Application definition
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'base',
]
AUTH_USER_MODEL = 'base.user_auth'
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
ROOT_URLCONF = 'myproject.urls'
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
],
},
},
]
WSGI_APPLICATION = 'myproject.wsgi.application'
# Database
# https://docs.djangoproject.com/en/3.2/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'chatbot',
'USER': 'dev',
'PASSWORD': 'wXNjZWoJmBB5',
'HOST': '127.0.0.1',
'PORT': '3306',
}
}
# Password validation
# https://docs.djangoproject.com/en/3.2/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
# Internationalization
# https://docs.djangoproject.com/en/3.2/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/3.2/howto/static-files/
STATIC_URL = '/static/'
STATIC_ROOT = os.path.join(BASE_DIR, "static/")
# Default primary key field type
# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
2
Answers
the main problem was csrf token , when I used postman and disabled cookies and send csrf token in header it worked , but even tho I decide to remove it , by deleting 'rest_framework.authentication.SessionAuthentication' from rest-framework/settings.py and it's work fine .
There are a couple of reasons you might be experiencing this. I’ll go over a few of those.
'192.168.100.102'is the ip of the machine currently hosting your application.