Gotchas
Below is a continuously expanding list of things which may “get you” at one
point or another. We’ve done our best to make django-twilio as easy to use as
possible, but sometimes problems are unavoidable!
Help! I Get HTTP 403 Forbidden
There are two common problems that cause django-twilio to return HTTP 403
errors in your views:
Forgery Protection
django-twilio has built-in forgery protection in some decorators to help verify
that requests made to any of your Twilio views actually originate from Twilio.
We do this by analyzing HTTP requests sent to your views and comparing a special cryptographic hash. This way, attackers are not able to simply POST data to your views and waste your Twilio resources. Attacks of this nature can be expensive and troublesome.
In the event that HTTP requests to your views are determined to be forged,
django-twilio will return an HTTP 403 (forbidden) response.
Because of the way this forgery protection works, you’ll get HTTP 403 errors
when hitting django-twilio views if you test them yourself and you have
settings.DEBUG = False. If you’d like to test your views, be sure to do so
with Django’s DEBUG setting ON.
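
The hash comparison described above, as an added example that is not django-twilio's own code: a standard-library implementation of Twilio's documented request-signing scheme (HMAC-SHA1 over the request URL plus the sorted POST fields, keyed with the auth token and sent in the X-Twilio-Signature header). The function names are hypothetical, and the token, URL and POST fields are constructed sample values.

```python
import base64
import hashlib
import hmac


def twilio_signature(auth_token: str, url: str, post_params: dict) -> str:
    """Compute the value Twilio places in the X-Twilio-Signature header."""
    # Signed string: the full request URL, then every POST field sorted by
    # name, each appended as name+value with no separators.
    payload = url + "".join(k + post_params[k] for k in sorted(post_params))
    digest = hmac.new(auth_token.encode("utf-8"),
                      payload.encode("utf-8"),
                      hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def is_from_twilio(auth_token, url, post_params, header_signature) -> bool:
    """Return True only when the header matches the expected signature."""
    # Fail closed: with no token or no header nothing can be verified,
    # which corresponds to the HTTP 403 response described on this page.
    if not auth_token or not header_signature:
        return False
    expected = twilio_signature(auth_token, url, post_params)
    # Compare as bytes in constant time; bytes also avoids the TypeError
    # compare_digest raises for non-ASCII str input from an untrusted header.
    return hmac.compare_digest(expected.encode("utf-8"),
                               header_signature.encode("utf-8"))


# Constructed sample request (not real credentials or numbers).
AUTH_TOKEN = "constructed-auth-token-not-real"
URL = "https://example.com/sms/"
PARAMS = {"From": "+15005550006", "To": "+15005550001", "Body": "hello"}

if __name__ == "__main__":
    good = twilio_signature(AUTH_TOKEN, URL, PARAMS)
    print("genuine request accepted:",
          is_from_twilio(AUTH_TOKEN, URL, PARAMS, good))
    print("tampered body accepted:  ",
          is_from_twilio(AUTH_TOKEN, URL, dict(PARAMS, Body="x"), good))
```

Because the URL is part of the signed string, a request that reaches the view under a different scheme or host than the one Twilio called will fail the comparison even when the token is correct.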
Missing Settings
django-twilio requires that you specify the variables TWILIO_ACCOUNT_SID and
TWILIO_AUTH_TOKEN, either as environment variables, or in your site’s settings
module. These are used to verify the legitimacy of HTTP requests to your Twilio
views, and to instantiate the twilio.rest.Client.
If these variables are missing, django-twilio will raise HTTP 403 (forbidden)
errors, because it is unable to determine whether or not the HTTP request
originated from Twilio.
To fix this, simply set these environment variables or add them to your settings module.