The problem is stated right in the returned HTML:

> You are seeing this message because this HTTPS site requires a 'Referer
> header' to be sent by your Web browser, but none was sent. This header is
> required for security reasons, to ensure that your browser is not being
> hijacked by third parties.

You have to set a Referer header.

Note, the above response is not being returned by web2py -- the web server 
must be configured to reject requests without Referer headers (so the 
request isn't even getting to web2py).

Anthony

On Tuesday, August 4, 2015 at 4:00:37 PM UTC-4, Jon M. wrote:
>
> Greetings again!!! THANKS FOR YOUR EARLY ANSWER! I'm very sorry for being 
> late... Kinda busy and daily life stuff goin' on.
>
> Well, the issue happens with these functions.
>
> The Android device sends a POST request in order to get some data, every 
> 30 secs. To these functions... Obviously.
>
> http://localhost's-ip:8000/project/default/raw_json_read/entries.json
>
> default.py
>
> # Omitted code...
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> def raw_json_read():
>     # The mobile POST hits here first.
>     if request.env.request_method == 'POST':
>         session.processing_frame = request.post_vars['entry_value']
>         the_result = frame_reading()
>         return the_result
>     return 400
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> def frame_reading():
>     # Then here...
>     # Omitted code
>     # Found that it didn't have the prefix 'session' and the dot of course.
>     # Might be the issue, might be not...
>     session.persistence_last_reload = 0
>     # Omitted code
>     frame_input = session.processing_frame or redirect(URL('index'))
>     status_message = read_frame_validation(frame_input)
>     if status_message == 210:
>         return_value = session.persistence_load_reading
>         return return_value
>     # Omitted code
>     elif status_message == 245:
>         return_value = session.persistence_last_reload
>         return return_value
>     # Omitted code
>     else:
>         return status_message
>
> auth.settings.allow_basic_login = True
> @auth.requires_login()
> def read_frame_validation(frame_to_split):
>     # Omitted validation code...
>     # Here's the option that sends back information to mobile device
>     elif int(string_list[2]) == 7:
>         time_list = []
>         read_list = []
>         the_chain = ""
>         refill_rows = db((db.DataInformation.request_type == 2) &
>                          (db.DataInformation.id_device == id_device) &
>                          (db.DataInformation.id_user == auth.user_id)).select(
>             db.DataInformation.timestamp_string,
>             db.DataInformation.reading,
>             orderby=~db.DataInformation.id,
>             limitby=(0, 6))
>         if len(refill_rows) == 0:
>             return 204
>         for row in refill_rows:
>             time_list.append(row['timestamp_string'])
>             read_list.append(row['reading'])
>         the_chain = "|" + ",".join(map(str, time_list)) + "|" + ",".join(map(str, read_list)) + "|"
>         session.persistence_last_reload = the_chain
>         return 245
>         # Then, the whole way back to response.
>
> The HTML page that I get is this one:
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
>  <html lang="en">
>  <head>
>  <meta http-equiv="content-type" content="text/html; charset=utf-8">
>  <meta name="robots" content="NONE,NOARCHIVE">
>  <title>403 Forbidden</title>
>  <style type="text/css">
>  html * { padding:0; margin:0; }
>  body * { padding:10px 20px; }
>  body * * { padding:0; }
>  body { font:small sans-serif; background:#eee; }
>  body>div { border-bottom:1px solid #ddd; }
>  h1 { font-weight:normal; margin-bottom:.4em; }
>  h1 span { font-size:60%; color:#666; font-weight:normal; }
>  #info { background:#f6f6f6; }
>  #info ul { margin: 0.5em 4em; }
>  #info p, #summary p { padding-top:10px; }
>  #summary { background: #ffc; }
>  #explanation { background:#eee; border-bottom: 0px none; }
>  </style>
>  </head>
>  <body>
>  <div id="summary">
>  <h1>Forbidden <span>(403)</span></h1>
>  <p>CSRF verification failed. Request aborted.</p>
>  <p>You are seeing this message because this HTTPS site requires a 'Referer
>  header' to be sent by your Web browser, but none was sent. This header is
>  required for security reasons, to ensure that your browser is not being
>  hijacked by third parties.</p>
>  <p>If you have configured your browser to disable 'Referer' headers, please
>  re-enable them, at least for this site, or for HTTPS connections, or for
>  'same-origin' requests.</p>
>  </div>
>  <div id="explanation">
>  <p><small>More information is available with DEBUG=True.</small></p>
>  </div>
>  </body>
>  </html>
>
>
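
An added example, not part of the original thread and not web2py code: Python that builds the device's POST with a Referer header, as the reply advises, and a check that recognises the 403 page quoted above so a client can tell a front-end rejection from a controller response. The host name, credentials, sample `entry_value` and the choice of a same-origin Referer value are assumptions.

```python
import base64
import urllib.parse
import urllib.request

# Constructed sample: the distinctive lines of the 403 page quoted in the thread.
SAMPLE_403_BODY = (
    "<title>403 Forbidden</title>"
    "<p>CSRF verification failed. Request aborted.</p>"
    "<p>You are seeing this message because this HTTPS site requires a "
    "'Referer header' to be sent by your Web browser, but none was sent.</p>"
)


def build_device_post(url, entry_value, username, password):
    """Build (without sending) the device's POST with Referer and Basic auth."""
    parts = urllib.parse.urlsplit(url)
    # Assumption: the front end accepts a Referer naming the request's own origin.
    referer = f"{parts.scheme}://{parts.netloc}/"
    body = urllib.parse.urlencode({"entry_value": entry_value}).encode("ascii")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    request = urllib.request.Request(url, data=body, method="POST")
    request.add_header("Referer", referer)
    request.add_header("Authorization", "Basic " + token.decode("ascii"))
    request.add_header("Content-Type", "application/x-www-form-urlencoded")
    return request


def rejected_for_missing_referer(status, body):
    """True when the response is the Referer/CSRF 403 page, meaning the request
    was refused by the web server in front of web2py, not by the controller."""
    return (status == 403
            and "CSRF verification failed" in body
            and "Referer" in body)


if __name__ == "__main__":
    # Hypothetical host and credentials; the path is the one from the thread.
    req = build_device_post(
        "https://device-api.example/project/default/raw_json_read/entries.json",
        "1|2|7", "user", "pass")
    print(req.get_method(), req.full_url)
    print(dict(req.header_items()))
    print(rejected_for_missing_referer(403, SAMPLE_403_BODY))
```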
