Hello all, Has anyone used the mobile data collection app with an Arches instance that is served through HTTPS? I am trying to do so now and not having luck. When I enter to full information in the app and try to connect, there is no error message but it goes to a blank projects screen, and the new instance has not been saved. So there is some silent failure going on.
<https://archesproject.slack.com/archives/C18GGP4RX/p1576636767062400> On the server, in the arches.log file in my app, I see the messages Dispatching Couch Proxy, but that's all. In the apache log on the server, I see this message: WARNING:django.security.csrf:Forbidden (Referer checking failed - no Referer.): /auth/user_profile The first thing I did was look at that view, and indeed it *is *marked as csrf_exempt which was the first hint I found online. Also I set ALLOWED_HOSTS to ["*"] but that didn't change anything. Reading further, especially this thread https://github.com/Tivix/django-rest-auth/issues/211 <https://slack-redir.net/link?url=https%3A%2F%2Fgithub.com%2FTivix%2Fdjango-rest-auth%2Fissues%2F211&v=3>, it seems likely that the app is sending the CSRF token, but it is not sending a "referer" header. This is fine over http, but if a token is included without a referer over https, then the request fails. Some of this is speculative but hopefully it will make more sense to others. If that theory is right though, I think it means that the mobile just doesn't work over https... Another thing I tried was this Django setting, CSRF_TRUSTED_ORIGINS (https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-trusted-origins <https://slack-redir.net/link?url=https%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.11%2Fref%2Fsettings%2F%23csrf-trusted-origins&v=3>). I set it to ["*"] but that also didn't fix the issue. I tried combinations of other SSL-related settings to no avail. There's probably some simple thing I'm missing but I feel like I've tried a lot of them so far... Adam -- -- To post, send email to [email protected]. To unsubscribe, send email to [email protected]. For more information, visit https://groups.google.com/d/forum/archesproject?hl=en --- You received this message because you are subscribed to the Google Groups "Arches Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/archesproject/557bb60d-48c0-436d-bba9-2c3f218f51c3%40googlegroups.com.
