在生产中,我一直在尝试添加django .middleware. securitymiddleware(从http://pypi.python.org/pypi/django-secure)to我的设置),但是没有任何运气使它工作。
当我运行:
./manage.py checksecure
一切都很顺利。但是我无法加载网站。它给了我以下错误:
The webpage has resulted in too many redirects. Clearing your cookies for this site or
allowing third-party cookies may fix the problem. If not, it is possibly a server
configuration issue and not a problem with your computer.
本地,当我使用生产设置时,我收到一个页面错误:
Unable to make a secure connection to the server. This may be a problem with the server,
or it may be requiring a client authentication certificate that you don't have.
我的终端充满了奇怪的错误,我无法破译:
[12/Jan/2013 14:15:25] code 400, message Bad HTTP/0.9 request type
('x16x03x01x00x98x01x00x00x94x03x02Pxf1xc4]x97exddxdcxa9xebx0exfcxbbxfa3 ')
[12/Jan/2013 14:15:25] "??P??]?e?ܩ????3 Ʀ?-?:?.E:?o?FH?" 400 -
[12/Jan/2013 14:15:25] code 400, message Bad request syntax ('x16x03x01x00x98x01x00x00x94x03x02Pxf1xc4]MxeeA50xfcx15%xc1xa4x02xecxf0x1fO')
[12/Jan/2013 14:15:25] "??P??]M?A50?%????O" 400 -
[12/Jan/2013 14:15:25] code 400, message Bad request syntax ('x16x03x01x00x98x01x00x00x94x03x01Pxf1xc4]x8egxbeyx155xafiP5x85rxb4|x8cx
任何建议吗?
Infinite-redirects意味着你已经将SECURE_SSL_REDIRECT设置为True
,但是在生产环境中,你的站点运行在SSL-stripping代理服务器后面,所以Django无法判断请求实际上已经是SSL,所以它不断地尝试重定向到SSL。如链接文档中所述,您需要找出代理设置的标头来指示外部ssl请求,并相应地设置SECURE_PROXY_SSL_HEADER设置。