StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PODjango CSRF check failing with an Ajax POST request
primarykey
Id
5100539
data
AcceptedAnswerId
5107878
AnswerCount
18
ClosedDate
CommentCount
3
CommunityOwnedDate
CreationDate
2011-02-24T04:58:11.940
FavoriteCount
79
LastActivityDate
2018-08-09T12:19:22.610
LastEditDate
2016-04-13T03:11:47.733
LastEditorUserId
2343488
OwnerUserId
629530
ParentId
0
PostTypeId
1
Score
150
ViewCount
110765
LastEditorDisplayName
text
Body
I could use some help complying with Django's CSRF protection mechanism via my AJAX post. I've followed the directions here: <a href="http://docs.djangoproject.com/en/dev/ref/contrib/csrf/" rel="noreferrer">http://docs.djangoproject.com/en/dev/ref/contrib/csrf/</a> I've copied the AJAX sample code they have on that page exactly: <a href="http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax" rel="noreferrer">http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax</a> I put an alert printing the contents of <code>getCookie('csrftoken')</code> before the <code>xhr.setRequestHeader</code> call and it is indeed populated with some data. I'm not sure how to verify that the token is correct, but I'm encouraged that it's finding and sending something. But Django is still rejecting my AJAX post. Here's my JavaScript: <pre><code>$.post("/memorize/", data, function (result) { if (result != "failure") { get_random_card(); } else { alert("Failed to save card data."); } }); </code></pre> Here's the error I'm seeing from Django: <blockquote> [23/Feb/2011 22:08:29] "POST /memorize/ HTTP/1.1" 403 2332 </blockquote> I'm sure I'm missing something, and maybe it's simple, but I don't know what it is. I've searched around SO and saw some information about turning off the CSRF check for my view via the <code>csrf_exempt</code> decorator, but I find that unappealing. I've tried that out and it works, but I'd rather get my POST to work the way Django was designed to expect it, if possible. Just in case it's helpful, here's the gist of what my view is doing: <pre><code>def myview(request): profile = request.user.profile if request.method == 'POST': """ Process the post... """ return HttpResponseRedirect('/memorize/') else: # request.method == 'GET' ajax = request.GET.has_key('ajax') """ Some irrelevent code... """ if ajax: response = HttpResponse() profile.get_stack_json(response) return response else: """ Get data to send along with the content of the page. """ return render_to_response('memorize/memorize.html', """ My data """ context_instance=RequestContext(request)) </code></pre> Thanks for your replies!
Tags
<python><ajax><django><csrf>
Title
Django CSRF check failing with an Ajax POST request
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USjuliocesar
UserOwnerUserId
1. USfirebush
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PODjango CSRF check failing with an Ajax POST request
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PODjango CSRF check failing with an Ajax POST request
 UserUserId
 USValentin Kantor
 VoteTypeVoteTypeId
 VTFavorite
3. VO
 singulars
 PostPostId
 PODjango CSRF check failing with an Ajax POST request
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.