[Django]-Use python dropbox API with django

3👍

Just like @smarx said, I just switched from HTTP and HTTPS, and everything worked just fine.

👤Axel

2👍

I’ve recently had a problem with this and my site link was always using the https link. I’m not sure if my solution is fully valid or secure, but for the moment it stops a bug that’s causing a lot of bad signup problems for my service.

Because in some cases the Django session layer does not seem to work when users are redirected to Dropbox and back, it seems that the CSRF token is passed back to your app as the “state” parameter in the callback response. My solution is to do a check in your view handler for the authentication that checks if the CSRF session key exists and, if it does not, to get it from the parameter “state” and add it to the session before calling the Dropbox request authentication flow.

    try:
        # A missing key raises KeyError; an empty value is treated the same way.
        if request.session["dropbox-auth-csrf-token"] is None or request.session["dropbox-auth-csrf-token"] == "":
            raise Exception("Problem with csrf")
    except Exception:
        # Get it from the parameter and add it to the session, so that
        # finish() finds a token to compare the "state" value against.
        csrf = request.GET.get("state")
        request.session["dropbox-auth-csrf-token"] = csrf

    access_token, user_id, url_state = \
            get_dropbox_auth_flow(request.session).finish(request.GET)

I’m not sure if it’s an overall fix that can be added to the Django library for Dropbox, to check the request parameter for the state variable if the session is for some reason not working. This may in fact be a security problem; for the moment it solves my signup issues.
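
What the `state` comparison protects and why seeding the session from the request turns it into a no-op, as an added example that is not part of the answer above or of the Dropbox SDK. `check_state` is a simplified stand-in for the flow's comparison; all function names and the sample callback are assumptions made for illustration.

```python
import hmac
import secrets

SESSION_KEY = "dropbox-auth-csrf-token"  # session key name taken from the answer's code


class StateCheckError(Exception):
    """Callback rejected: the OAuth flow has to be restarted."""


def start_flow(session):
    """Store a fresh random token in the session and return it as the `state` value."""
    token = secrets.token_urlsafe(16)
    session[SESSION_KEY] = token
    return token


def check_state(session, query):
    """Fail closed: `state` must equal the token stored when the flow started."""
    expected = session.get(SESSION_KEY)
    if not expected:
        # Session lost, e.g. the cookie was not sent because scheme or host changed.
        raise StateCheckError("no token in session")
    received = query.get("state") or ""
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateCheckError("state does not match session token")
    del session[SESSION_KEY]  # a token is valid for one callback only
    return True


def check_state_with_workaround(session, query):
    """The workaround: seed an empty session from the request, then compare."""
    if not session.get(SESSION_KEY):
        session[SESSION_KEY] = query.get("state")
    return check_state(session, query)


def accepts(check, session, query):
    try:
        return check(session, query)
    except StateCheckError:
        return False


if __name__ == "__main__":
    # Constructed callback: empty session, `state` value the app never issued.
    unsolicited = {"state": "constructed-value", "code": "constructed-code"}
    print("fail-closed check accepts it:", accepts(check_state, {}, unsolicited))
    print("workaround accepts it:", accepts(check_state_with_workaround, {}, unsolicited))
```

When the session token is missing on the callback, restarting the flow from the same scheme and host that will receive the redirect keeps the check meaningful, which matches the HTTP/HTTPS fix in the first answer.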
