Hi Adam, I'm not familiar with this particular issue, but I hope someone else here can help trouble shoot. Perhaps, one of the Collector developers can verify if it's worked over https? Our team tested over http.
Best, Alina On Wednesday, December 18, 2019 at 5:30:46 PM UTC-8, Adam Cox wrote: > > Hello all, > > Has anyone used the mobile data collection app with an Arches instance > that is served through HTTPS? I am trying to do so now and not having luck. > When I enter to full information in the app and try to connect, there is no > error message but it goes to a blank projects screen, and the new instance > has not been saved. So there is some silent failure going on. > > <https://archesproject.slack.com/archives/C18GGP4RX/p1576636767062400> > On the server, in the arches.log file in my app, I see the messages > Dispatching > Couch Proxy, but that's all. > > In the apache log on the server, I see this message: > > WARNING:django.security.csrf:Forbidden (Referer checking failed - no > Referer.): /auth/user_profile > > The first thing I did was look at that view, and indeed it *is *marked as > csrf_exempt which was the first hint I found online. Also I set > ALLOWED_HOSTS to ["*"] but that didn't change anything. > > Reading further, especially this thread > https://github.com/Tivix/django-rest-auth/issues/211 > <https://slack-redir.net/link?url=https%3A%2F%2Fgithub.com%2FTivix%2Fdjango-rest-auth%2Fissues%2F211&v=3>, > > it seems likely that the app is sending the CSRF token, but it is not > sending a "referer" header. This is fine over http, but if a token is > included without a referer over https, then the request fails. Some of > this is speculative but hopefully it will make more sense to others. If > that theory is right though, I think it means that the mobile just doesn't > work over https... > > Another thing I tried was this Django setting, CSRF_TRUSTED_ORIGINS > (https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-trusted-origins > <https://slack-redir.net/link?url=https%3A%2F%2Fdocs.djangoproject.com%2Fen%2F1.11%2Fref%2Fsettings%2F%23csrf-trusted-origins&v=3>). > > I set it to ["*"] but that also didn't fix the issue. I tried > combinations of other SSL-related settings to no avail. > > There's probably some simple thing I'm missing but I feel like I've tried > a lot of them so far... > > Adam > -- -- To post, send email to [email protected]. To unsubscribe, send email to [email protected]. For more information, visit https://groups.google.com/d/forum/archesproject?hl=en --- You received this message because you are subscribed to the Google Groups "Arches Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/archesproject/bf29af3a-9a89-4ef2-b90d-b260f24a8041%40googlegroups.com.
