For example: AUTH_QR_CODE_REDIS_KWARGS =

Also, make sure that [LOGIN_URL](https://docs.djangoproject.com/en/dev/ref/settings/#login-url) has a correct value.
Otherwise, users can be redirected to a page that does not exist (for example, if someone not authenticated tries to open the page with the QR code).
How to test
===========

If you want to test this locally, make sure that your local web server is available from your mobile device.
For example, if your computer and your mobile device are both connected to the same LAN, you should specify your LAN IP address (something like 192.168.0.00, or 0.0.0.0 if you want the web server to listen on all network interfaces) so that the web server listens on this address.
Nice QR codes that allow the users to instantly sign in to the website on their mobile devices

What is django-qrauth?
Even without any XSS, it is possible for someone who has access to the user’s session (for example, if the user is still logged in on the website, but is away from the computer) to scan the QR code and therefore to log into the user’s account.
Note that some QR code readers try to prefetch the page’s contents (e.g. to show you the page title), so the QR code will become invalid when you actually open the URL in your web browser.
For instance, it would be even worse to accidentally let an attacker know the user’s password (if the user is prompted for the password on a page with some attacker’s JS) than just let them obtain a new session (which only means access to the account, without the password being exposed).

You can do that by adding the [SECURE_PROXY_SSL_HEADER](https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header) setting and supplying the corresponding header from the reverse proxy. Don’t forget to _always_ set or strip this header in all the requests the reverse proxy sends to the upstream. Otherwise, if your website is available via both HTTP and HTTPS, a user opening the website via HTTP will be able to set this header on the client side, so request.is_secure() will return True, which is not good from a security point of view.
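The header handling described above, as an added example that is not part of django-qrauth or Django: a simplified Python model of the is_secure() decision and of three hypothetical reverse proxy policies, assuming the setting value ("HTTP_X_FORWARDED_PROTO", "https"). The `audit` function lists the cases in which the application's view disagrees with the scheme the client really used.

```python
# Simplified model (an assumption, not Django's source) of how
# request.is_secure() is decided when SECURE_PROXY_SSL_HEADER is set.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")


def is_secure(meta, wire_scheme="http"):
    """Trust the configured header if present, else the proxy-to-app scheme."""
    name, secure_value = SECURE_PROXY_SSL_HEADER
    value = meta.get(name)
    if value is not None:
        return value.split(",", 1)[0].strip() == secure_value
    return wire_scheme == "https"


def proxy_forward(client_meta, client_scheme, mode):
    """Hypothetical reverse proxy: returns the META the upstream app sees."""
    name, secure_value = SECURE_PROXY_SSL_HEADER
    meta = dict(client_meta)
    if mode == "always_overwrite":      # set from the real scheme, every request
        meta[name] = client_scheme
    elif mode == "strip_then_set":      # drop the client's copy first
        meta.pop(name, None)
        if client_scheme == "https":
            meta[name] = secure_value
    elif mode == "set_only_on_https":   # misconfiguration: HTTP passes through
        if client_scheme == "https":
            meta[name] = secure_value
    else:
        raise ValueError(mode)
    return meta


def audit(mode):
    """List (client scheme, header sent by client?) cases judged wrongly."""
    wrong = []
    for scheme in ("http", "https"):
        for spoofed in (False, True):
            sent = {SECURE_PROXY_SSL_HEADER[0]: "https"} if spoofed else {}
            seen = is_secure(proxy_forward(sent, scheme, mode))
            if seen != (scheme == "https"):
                wrong.append((scheme, spoofed))
    return wrong


if __name__ == "__main__":
    for mode in ("set_only_on_https", "always_overwrite", "strip_then_set"):
        print(mode, "->", audit(mode) or "consistent")
```

Only the policy that sets the header for HTTPS clients and otherwise passes the request through unchanged produces a wrong verdict, and only for a plain-HTTP client that supplied the header itself.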