> @Anthony, the HTTPS protocol is not yet implemented, first we need the
> transactions fully working, so HTTP protocol is used meanwhile. We're not
> using web browsers, is the Android App that generates a POST with JSON
> request, that is:
>
> "{entry_value=<data_used_by_functions>}"
>
> As if you were using curl for generating POSTs, the auth is provided with
> credential, classic username and password strings (for now).
>
Yes, I understand you are not using a browser. Nevertheless, whatever
client you are using to make the post request, the server is clearly
requiring you to set the Referer header.
> @Anthony, @Dave_S, as said above, the Android sends this vía web with HTTP
> with JSON, the development is done in a PC connected to local LAN, so, the
> Android device with it's own native application generates curl like
> request, and sends it to the PC's IP within the LAN. And in another version
> of the same native Android app, it communicates to the same web2py project
> hosted in pythonanywhere. The guys in pythonanywhere told me that the issue
> has nothing to do with the server provided by them, they said that the CSRF
> token could be expired.
>
I can't speak for pythonanywhere, but web2py is not generating that HTML
response (try searching the web2py repo for any of the text contained in
that response). web2py only uses CSRF tokens with forms created via FORM
and SQLFORM, and it never reports errors regarding CSRF failures. Something
in between the Android app and web2py is rejecting the request and
returning this response. Maybe do some logging and/or inspection of
requests/responses on the client to help figure out the source of the
problem (e.g., what are the response headers when you receive this error).
> Could the issue be the:
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
>
I don't think so. Though you don't need to bother decorating functions that
are only called by other functions (you only need to decorate actions
accessible via URL -- internal functions should be made private, which you
can do by giving them arguments, preceding their names with a double
underscore, or moving them out of the controller).
Anthony
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
