On Tuesday, August 4, 2015 at 3:19:27 PM UTC-7, Anthony wrote:
>
> The problem is stated right in the returned HTML:
>
>> You are seeing this message because this HTTPS site requires a 'Referer
>> header' to be sent by your Web browser, but none was sent. This header is
>> required for security reasons, to ensure that your browser is not being
>> hijacked by third parties.
>
> You have to set a Referer header.
>
> Note, the above response is not being returned by web2py -- the web server
> must be configured to reject requests without Referer headers (so the
> request isn't even getting to web2py).

I understood the Android to be talking to web2py locally, and web2py was making the request of the remote server:
> On Tuesday, August 4, 2015 at 4:00:37 PM UTC-4, Jon M. wrote:
>>
>> Greetings again!!! THANKS FOR YOUR EARLY ANSWER! I'm very sorry for being
>> late... Kinda busy and daily life stuff goin' on.
>>
>> Well, the issue happens with these functions.
>>
>> The android device sends a POST request in order to get some data, every
>> 30 secs. To these functions... Obviously.
>>
>> http://localhost's-ip:8000/project/default/raw_json_read/entries.json

However, if I'm reading it correctly, the request to the remote server is in the omitted code. But if I'm right, then that code is what needs to set the referrer heading. Not that I'm incapable of being confused here.

/dps

>> default.py
>>
>> # Omitted code...
>>
>> auth.settings.allow_basic_login = True
>> @auth.requires_login()
>> def raw_json_read():
>>     # The mobile POST hits here first.
>>     if request.env.request_method == 'POST':
>>         session.processing_frame = request.post_vars['entry_value']
>>         the_result = frame_reading()
>>         return the_result
>>     return 400
>>
>> auth.settings.allow_basic_login = True
>> @auth.requires_login()
>> def frame_reading():
>>     # Then here...
>>     # Omitted code
>>     session.persistence_last_reload = 0  # Found that it didn't have the
>>     # prefix 'session' and the dot of course. Might be the issue, might be not...
>>     # Omitted code
>>     frame_input = session.processing_frame or redirect(URL('index'))
>>     status_message = read_frame_validation(frame_input)
>>     if status_message == 210:
>>         return_value = session.persistence_load_reading
>>         return return_value
>>         # Omitted code
>>     elif status_message == 245:
>>         return_value = session.persistence_last_reload
>>         return return_value
>>         # Omitted code
>>     else:
>>         return status_message
>>
>> auth.settings.allow_basic_login = True
>> @auth.requires_login()
>> def read_frame_validation(frame_to_split):
>>     # Omitted validation code...
>>     elif int(string_list[2]) == 7:  # Here's the option that sends back information to mobile device
>>         time_list = []
>>         read_list = []
>>         the_chain = ""
>>         refill_rows = db((db.DataInformation.request_type == 2) & \
>>                          (db.DataInformation.id_device == id_device) & \
>>                          (db.DataInformation.id_user == auth.user_id)).select(
>>             db.DataInformation.timestamp_string,
>>             db.DataInformation.reading,
>>             orderby=~db.DataInformation.id,
>>             limitby=(0, 6))
>>         if len(refill_rows) == 0:
>>             return 204
>>         for row in refill_rows:
>>             time_list.append(row['timestamp_string'])
>>             read_list.append(row['reading'])
>>         the_chain = "|" + ",".join(map(str, time_list)) + "|" + ",".join(map(str, read_list)) + "|"
>>         session.persistence_last_reload = the_chain
>>         return 245
>> # Then, the whole way back to response.
>>
>> The HTML page that I get is this one:
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
>> <html lang="en">
>> <head>
>> <meta http-equiv="content-type" content="text/html; charset=utf-8">
>> <meta name="robots" content="NONE,NOARCHIVE">
>> <title>403 Forbidden</title>
>> <style type="text/css">
>> html * { padding:0; margin:0; }
>> body * { padding:10px 20px; }
>> body * * { padding:0; }
>> body { font:small sans-serif; background:#eee; }
>> body>div { border-bottom:1px solid #ddd; }
>> h1 { font-weight:normal; margin-bottom:.4em; }
>> h1 span { font-size:60%; color:#666; font-weight:normal; }
>> #info { background:#f6f6f6; }
>> #info ul { margin: 0.5em 4em; }
>> #info p, #summary p { padding-top:10px; }
>> #summary { background: #ffc; }
>> #explanation { background:#eee; border-bottom: 0px none; }
>> </style>
>> </head>
>> <body>
>> <div id="summary">
>> <h1>Forbidden <span>(403)</span></h1>
>> <p>CSRF verification failed.
>> Request aborted.</p>
>> <p>You are seeing this message because this HTTPS site requires a 'Referer
>> header' to be sent by your Web browser, but none was sent. This header is
>> required for security reasons, to ensure that your browser is not being
>> hijacked by third parties.</p>
>> <p>If you have configured your browser to disable 'Referer' headers, please
>> re-enable them, at least for this site, or for HTTPS connections, or for
>> 'same-origin' requests.</p>
>> </div>
>> <div id="explanation">
>> <p><small>More information is available with DEBUG=True.</small></p>
>> </div>
>> </body>
>> </html>
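
Added example, not part of the original thread and not the posters' code: a simplified model of the HTTPS Referer check that the quoted 403 page describes, plus a helper that builds the server-side POST with a Referer header, as the replies above suggest. The host `remote.example`, the path, the body and all function names are assumptions; the request is built but never sent.

```python
from urllib.parse import urlsplit
from urllib.request import Request


def referer_check(scheme, host, headers):
    """Return None if the request passes, else the rejection reason.

    Simplified model of the check the 403 page describes (assumption:
    this is not the remote server's actual code).
    """
    if scheme != "https":
        return None  # the quoted message concerns HTTPS requests only
    referer = headers.get("Referer")
    if not referer:
        return "no Referer header sent"
    ref = urlsplit(referer)
    if ref.scheme != "https":
        return "Referer is not HTTPS"
    if ref.netloc.lower() != host.lower():
        return "Referer is from a different origin"
    return None


def build_remote_post(url, body, referer=None):
    """Build (without sending) the POST the server-side code would make."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if referer:
        headers["Referer"] = referer
    return Request(url, data=body, headers=headers, method="POST")


def check_outbound(req):
    """Run the modelled check against a request built above."""
    target = urlsplit(req.full_url)
    return referer_check(target.scheme, target.netloc, dict(req.header_items()))


# Constructed sample values; remote.example is a placeholder host.
TARGET_URL = "https://remote.example/api/entries/"
BODY = b"entry_value=constructed-sample"

if __name__ == "__main__":
    for ref in (None, "http://remote.example/", "https://other.example/",
                "https://remote.example/"):
        print(ref, "->", check_outbound(build_remote_post(TARGET_URL, BODY, ref)))
```

Passing this check only removes the missing-Referer rejection shown in the 403 page; whatever else the remote site's CSRF verification requires is not modelled here.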

