Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Iframe Issues in safari Browser #22

Open
sandeepks230 opened this issue Sep 20, 2022 · 0 comments
Open

Iframe Issues in safari Browser #22

sandeepks230 opened this issue Sep 20, 2022 · 0 comments

Comments

@sandeepks230
Copy link

Does this work as an Iframe in Safari browser? We have a Shopify Django app which works fine as an iframe in Chrome and Mozilla. But its not storing cookies in Safari, so all the post requests are getting forbidden due to no csrf tokens found. This is our settings.py, can anyone mention what we can do to overcome this issue, or is there any other way of manually passing csrf token, not from the cookies.

`
import os
from shopify_app import *
from decouple import config

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(file)))

SECRET_KEY = config('DJANGO_SECRET')

DEBUG = int(config('DEBUG'))

SHOPIFY_API_KEY = config('SHOPIFY_API_KEY')
SHOPIFY_API_SECRET = config('SHOPIFY_API_SECRET')
SHOPIFY_APP_NAME = config('SHOPIFY_APP_NAME')
SHOPIFY_API_VERSION = 'unstable'
SHOPIFY_TEST = config('SHOPIFY_TEST') # For the purpose of Shopify Payments

INTERNAL_IPS = ('127.0.0.1',)

ALLOWED_HOSTS = config('DJANGO_ALLOWED_HOSTS').split(" ")

CSP_FRAME_ANCESTORS = ("'self'", 'https://*.myshopify.com')

CSP_DEFAULT_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'", "https://fonts.gstatic.com")

CSP_STYLE_SRC = ("'self'", "'unsafe-inline'", "https://fonts.googleapis.com")

CSP_SCRIPT_SRC = ("'self'", "'unsafe-inline'", "'unsafe-eval'")

CSP_IMG_SRC = ("'self'",
"https://*.s3.amazonaws.com", "data:", "https://cdn.shopify.com")

SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SECURE = True
XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'PUT']

CSRF_COOKIE_SAMESITE = 'None'
CSRF_COOKIE_SECURE = True

STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')

CSRF_TRUSTED_ORIGINS = [config('CSRF_TRUSTED_ORIGINS')]

INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',

'shopify_app.apps.ShopifyAppConfig',
'home.apps.HomeConfig',
'notification',
'api',
'payment',
'debug_toolbar',


'django_extensions',
'rest_framework',
'rest_framework.authtoken',
'django_celery_beat',
'storages',

]

MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'csp.middleware.CSPMiddleware',
'shopify_app.middleware.LoginProtection',
'debug_toolbar.middleware.DebugToolbarMiddleware',

]

ROOT_URLCONF = 'shopify_django_app.urls'

TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
"APP_DIRS": True,
'DIRS': [],
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
'shopify_app.context_processors.current_shop',
],
},
},
]

WSGI_APPLICATION = 'shopify_django_app.wsgi.application'

DATABASES = {
'default': {
'ENGINE': config('SQL_ENGINE'),
'NAME': config('SQL_DATABASE'),
'USER': config('SQL_USER'),
"PASSWORD": config('SQL_PASSWORD'),
"HOST": config('SQL_HOST'),
"PORT": config('SQL_PORT'),
}
}

AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]

DATA_UPLOAD_MAX_MEMORY_SIZE = None
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
AWS_ACCESS_KEY_ID = config('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = config('AWS_SECRET_ACCESS_KEY')
DEFAULT_FILE_STORAGE = config('DEFAULT_FILE_STORAGE')
AWS_STORAGE_BUCKET_NAME = config('AWS_STORAGE_BUCKET_NAME')

if DEBUG:
AWS_S3_CUSTOM_DOMAIN = f'{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com'
AWS_QUERYSTRING_AUTH = False
STATIC_URL = '/static/'
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

else:
CLOUDFRONT_DOMAIN = config('AWS_CLOUDFRONT_DOMAIN')
CLOUDFRONT_DOMAIN_ID = config('AWS_CLOUDFRONT_ID')
AWS_S3_CUSTOM_DOMAIN = CLOUDFRONT_DOMAIN
AWS_DEFAULT_ACL = None
AWS_S3_OBJECT_PARAMETERS = {'CacheControl': 'max-age=86400'}
MEDIAFILES_LOCATION = 'media'
MEDIA_URL = f'{AWS_S3_CUSTOM_DOMAIN}/{MEDIAFILES_LOCATION}/'
STATICFILES_LOCATION = 'static'
STATIC_URL = '/static/'

STATICFILES_DIRS = (os.path.join(BASE_DIR, 'static'),)

REDIS_HOST = config('REDIS_HOST')
REDIS_PORT = config('REDIS_PORT')

SNS_ACCESS_KEY_ID = config('SNS_ACCESS_KEY_ID')
SNS_SECRET_ACCESS_KEY = config('SNS_SECRET_ACCESS_KEY')
SNS_REGION_NAME = config('SNS_REGION_NAME')
ANDROID_PLATFORM_APP_ARN = config('ANDROID_PLATFORM_APP_ARN')
IOS_PLATFORM_APP_ARN = config('IOS_PLATFORM_APP_ARN')

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'Asia/Kolkata'

USE_I18N = True

USE_L10N = True

USE_TZ = True

AUTH_USER_MODEL = 'shopify_app.User'

CELERY_BROKER_URL = config('CELERY_BROKER_URL')
CELERY_RESULT_BACKEND = config('CELERY_RESULT_BACKEND')
CELERY_ACCEPT_CONTENT = ['application/json']
CELERY_TASK_SERIALIZER = 'json'
CELERY_RESULT_SERIALIZER = 'json'
CELERY_TIMEZONE = 'Asia/Kolkata'

CELERY_BEAT_SCHEDULER = 'django_celery_beat.schedulers:DatabaseScheduler'

REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.AllowAny',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
),
}

DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = config('EMAIL_HOST')
EMAIL_USE_TLS = True
EMAIL_PORT = config('EMAIL_PORT')
EMAIL_HOST_USER = config('EMAIL_HOST_USER')
EMAIL_HOST_PASSWORD = config('EMAIL_HOST_PASSWORD')
`

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant