Tuesday, April 24, 2012

Re: Cross domain cookie to extract csrf token

If for whatever reason you are using django 1.3, you need to ensure
the csrf token generated in the view is passed through unicode, e.g.
unicode(csrf(request)['csrf_token'])

On Apr 23, 6:04 pm, Luther Goh Lu Feng <elf...@yahoo.com> wrote:
> I have managed to resolve the issue. This only works on phonegap,
> chrome 20 but not on desktop safari 5.1.5.
>
> General strategy:
> - Make an ajax OPTIONS call to http://foo
> - Generate the csrf token and return it in the success callback
> - Extract the csrf token
> - In the success callback do the ajax post, and set the request header
> with the csrf token using xhr.setRequestHeader("X-CSRFToken", token)
> - In the middleware you will need to enable CORS and accept the
> csrftoken header
>
> Desktop safari seemed to fail as it was unable to return the cookie in
> the ajax post call
>
> This is in django 1.4 and with the view decorators:
>
> @ensure_csrf_cookie
> @require_http_methods(["OPTIONS", "POST"])
>
> On Apr 22, 2:57 am, Luther Goh Lu Feng <elf...@yahoo.com> wrote:
>
> > I am running a website on local host (my mac, ip 127.0.0.1) and my
> > django dev server on a VM (some other ip eg. 192.168.56.1).
>
> > I load up the local host website, which 'emulates' the mobile app that
> > I will build using phonegap. I am issuing ajax requests from the
> > website to the django application residing in the VM.
>
> > The views that the requests are routed to are not csrf exempt. As
> > such, I issue a get request on the local website to try and obtain the
> > csrf token:
>
> > $.get('http://127.0.0.1:8000/login')
>
> > In the response headers, the following is returned:
> > Set-Cookie:csrftoken=82c34b2495ad0c7f8a5fed67ca9a21bd; expires=Sat, 20-
> > Apr-2013 05:20:20 GMT; Max-Age=31449600; Path=/
>
> > However, this is unfortunately not found in document.cookie.
>
> > I would like to ask for advice on how I can get around this problem.
>
> > Thanks in advance,
>
> > Luther

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
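The middleware step from the quoted strategy (enable CORS and accept the csrftoken header) written out as a framework-agnostic policy function; this is an added example, not code from the thread or from Django, and the function name, the constants and the origin allowlist are assumptions. It shows the settings the flow depends on: the Origin is echoed only when allowlisted (a wildcard is rejected by browsers when cookies are involved, and reflecting any origin would let any site drive the session), credentials are allowed so the csrftoken cookie travels, and X-CSRFToken is advertised so the preflight for the POST succeeds.

```python
# Added example (not the thread's code): CORS header policy for the
# OPTIONS-then-POST flow with an X-CSRFToken header. Framework-agnostic so it
# runs without Django; in a project the returned dict would be copied onto the
# response in a middleware (assumed integration point, not shown here).
from typing import Dict, Iterable, Optional

# Request headers the client may send on the POST (compared case-insensitively).
ALLOWED_REQUEST_HEADERS = ("content-type", "x-csrftoken")
ALLOWED_METHODS = ("OPTIONS", "POST")


def cors_headers(origin: Optional[str],
                 method: str,
                 allowed_origins: Iterable[str],
                 requested_headers: str = "") -> Dict[str, str]:
    """Return the CORS response headers for one request, or {} to deny.

    origin            -- value of the request's Origin header (None if absent)
    method            -- HTTP method of the request
    allowed_origins   -- explicit allowlist of origins (assumed config value)
    requested_headers -- Access-Control-Request-Headers sent on a preflight
    """
    allowed = {o.lower() for o in allowed_origins}
    if not origin or origin.lower() not in allowed:
        # Unknown or missing origin: emit no CORS headers, the browser blocks it.
        return {}

    headers = {
        # Echo the concrete origin, never "*": with credentials the browser
        # refuses a wildcard, and an open reflection would defeat the point.
        "Access-Control-Allow-Origin": origin,
        # Required for the csrftoken/session cookies to be sent cross-origin.
        "Access-Control-Allow-Credentials": "true",
        # Stop caches handing one origin's answer to another origin.
        "Vary": "Origin",
    }
    if method.upper() == "OPTIONS":
        # Preflight: refuse if the client asks for a header we do not allow.
        asked = {h.strip().lower()
                 for h in requested_headers.split(",") if h.strip()}
        if not asked <= set(ALLOWED_REQUEST_HEADERS):
            return {}
        headers["Access-Control-Allow-Methods"] = ", ".join(ALLOWED_METHODS)
        headers["Access-Control-Allow-Headers"] = "Content-Type, X-CSRFToken"
        headers["Access-Control-Max-Age"] = "600"
    return headers
```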
