StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POX-editable inline editing in Django - how to get CSRF protection?
primarykey
Id
13782351
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
4
CommunityOwnedDate
CreationDate
2012-12-08T21:56:30.933
FavoriteCount
11
LastActivityDate
2016-05-04T21:05:26.530
LastEditDate
2016-05-04T21:05:26.530
LastEditorUserId
2365052
OwnerUserId
1157536
ParentId
0
PostTypeId
1
Score
14
ViewCount
4586
LastEditorDisplayName
text
Body
<p>I am trying to get <a href="http://vitalets.github.com/x-editable/index.html">X-Editable</a> inline editing of a model in Django. I am simply trying to change attributes of a model instance (in this case, the name of a Dataset object).</p> <p>I am not sure how to write the view so that it correctly captures the information from the ajax request:</p> <pre><code>POST /datasets/9/update_name/ { pk: 3 //primary key (record id) value: 'The Updated Name' //new value } </code></pre> <p>Then save the new name to the Dataset object.</p> <p>urls.py</p> <pre><code># ex: /datasets/3/update_name url(r'^(?P<pk>\d+)/update_name/$', update_name , name='update_name'), </code></pre> <p>detail.html</p> <pre><code><h1 class="page-title center"> <a href="#" id="datasetName">{{ dataset.name }}</a> </h1> <script> $('#datasetName').editable({ type: 'text', pk: {{ dataset.pk }}, url: '{% url 'datasets:update_name' dataset.pk %}', title: 'Edit dataset name' params: { csrf: '{% csrf_token %}'} # // This isn't working }); </script> </code></pre> <p>views.py</p> <pre><code>def update_name(request, dataset_id): # ... Update Dataset object ... json = simplejson.dumps(request.POST) return HttpResponse(json, mimetype='application/json') </code></pre> <p><strong>EDIT:</strong></p> <p>I believe the problem is that there is no CSRF protection. How can I add this in the X-editable form?</p> <p>** EDIT 2: </p> <p>I have also tried this, as per the docs:</p> <pre><code><h1 class="page-title center"> <a href="#" id="datasetName">{{ dataset.name }}</a> </h1> <script> // using jQuery function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } var csrftoken = getCookie('csrftoken'); function csrfSafeMethod(method) { // these HTTP methods do not require CSRF protection return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); } $.ajaxSetup({ beforeSend: function(xhr, settings) { function getCookie(name) { var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; } if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { // Only send the token to relative URLs i.e. locally. xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); } } }); $('#datasetName').editable({ type: 'text', pk: {{ dataset.pk }}, url: '{% url 'datasets:update_name' dataset.pk %}', title: 'Edit dataset name', }); </script> </code></pre>
Tags
<ajax><django><x-editable>
Title
X-editable inline editing in Django - how to get CSRF protection?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USShubhamoy
UserOwnerUserId
1. USSteve L
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.