Yours,
BR
-- On Mon, Sep 27, 2010 at 7:58 AM, Russell Keith-Magee <russell@keith-magee.com> wrote:
On Mon, Sep 27, 2010 at 12:18 AM, Joakim Hove <joakim.hove@gmail.com> wrote:If it's impractical or impossible to get access to the CSRF token by
> Hello,
>
> I have a simple form which has method POST. When I view the form in
> the browser and fill it normally everything works fine. However; the
> plan is to submit this form automagically from a client program - I
> have currently tried with the Python script:
>
> #!/usr/bin/python
> import urllib
> params = urllib.urlencode({"passwd": "Hemmelig",
> "user_id" : 1000,
> "subject" : "Tema",
> "extra_addr" : "joakim-hove@gmail.com",
> "date_list" : "10-10-2010",
> "body" : "Lang melding"})
>
> f = urllib.urlopen(form_url , params)
> print f.read()
>
> The server just returns error code 403: "No CSRF or session cookie";
> how can I get around this? Do I have to create a csrfmiddlewaretoken
> on the client (which will not even have Python installed)?
GET before POSTing, you can disable CSRF on that single view. See [1]
for details.
[1] http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions
Yours,
Russ Magee %-)
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
No comments:
Post a Comment