Below is a list (which is being continuously expanded) on things which may "get you" at one point or another. We've done our best to try and make django-twilio
as easy to use as possible, but sometimes problems are unavoidable!
There are two common problems that cause django-twilio
to return HTTP 403 errors in your views:
django-twilio
has built in forgery protection in some decorators to help verify that requests made to any of your Twilio views actually originate from Twilio.
We do this by analyzing HTTP requests sent to your views and comparing a special cryptographic hash. This way, attackers are not able to simply POST data to your views and waste your Twilio resources. Attacks of this nature can be expensive and troublesome.
In the event that HTTP requests to your views are determined to be forged, django-twilio
will return an HTTP 403 (forbidden) response.
Because of the way this forgery protection works, you'll get HTTP 403 errors when hitting django-twilio
views if you test them yourself and you have settings.DEBUG = False
. If you'd like to test your views, be sure to do so with Django's DEBUG setting ON.
django-twilio
requires that you specify the variables TWILIO_ACCOUNT_SID
and TWILIO_AUTH_TOKEN
, either as environment variables, or in your site's settings
module. These are used to verify the legitimacy of HTTP requests to your Twilio views, and to instantiate the twilio.rest.Client
.
If these variables are missing, django-twilio
will raise HTTP 403 (forbidden) errors, because it is unable to determine whether or not the HTTP request originated from Twilio.
To fix this, simply set these environment variables or add them to your settings variables.