Perhaps it's expecting XML in the request and trying to parse your POST data (which is not XML)?
_Nik
On Jul 6, 2012, at 6:03 AM, Jeff Silverman wrote:
> Ok Nik. I have removed the CSRF middleware and get a brand new error.
>
> XMLSyntaxError at /hello/
> error parsing attribute name, line 1, column 6Request Method: POST
> Request URL: http://piadm42.troweprice.com:5555/hello/
> Django Version: 1.3.1
> Exception Type: XMLSyntaxError
> Exception Value: error parsing attribute name, line 1, column 6
> Exception Location: /usr/lib/python2.6/site-packages/
> soaplib-2.0.0_beta1-py2.6.egg/soaplib/core/_base.py in
> _parse_xml_string, line 248
> Python Executable: /usr/bin/python
> Python Version: 2.6.6
>
> The POST in fiddler is something like this -> http://mysite.com:5555/hello/
> and the request body contains -> <name=fred×=2>
>
>
>
> On Jul 5, 10:35 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
> wrote:
>> Yes, I would expect a 403 when the CSRF middleware is active, the
>> decorator is not used, and no CSRF token is provided. This is the
>> intended behavior. You can fix this in a few ways:
>>
>> 1. Apply the decorator to the __call__ method (rather than to the class
>> itself). If I understand how this code works, that should correctly
>> disable CSRF for the view.
>> 2. Provide a CSRF value with the POST data, as you suggested. This all
>> depends on how the request is made. Django's CSRF system relies on a
>> CSRF value set in a cookie. You have to mimic a browsers cookie
>> functionality, then use the value of the CSRF cookie with evey
>> request you make. By default, the cookie name is 'csrftoken'. For
>> more info on the CSRF process:
>> https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/
>> 3. Disable CSRF altogether. Simply remove the CsrfViewMiddleware from
>> your settings and you're good to go.
>>
>> _Nik
>>
>> On 7/5/2012 6:22 PM, Jeff Silverman wrote:
>>
>>
>>
>>> Nik, if I remove the csrf decorator and leave the middleware in place,
>>> I get the 403. Is there a way to add the token on the POST command,
>>> or is there another way of leaving the middleware in place, but turn
>>> off csrf without using the decorator?
>>
>>> On Thursday, July 5, 2012 8:33:51 PM UTC-4, Jeff Silverman wrote:
>>
>>> Nik, I will give that a try. The reason for the decorator was
>>> that I was getting 403 forbidden, and the decorator made that one
>>> go away. If I remove the csrf from the settings file, will that
>>> solve that problem?
>>
>>> On Tuesday, July 3, 2012 9:32:20 AM UTC-4, Jeff Silverman wrote:
>>
>>> Below is the code from the views.py
>>
>>> The 405 is retunred from the 'return super(DjangoSoapApp,
>>> self).__init__(Application(services, tns))' statement. I am
>>> using
>>> python 2.6, soaplib20 and django 1.3. I am struggling to
>>> understand
>>> what exactly is wrong here.
>>
>>> class HelloWorldService(DefinitionBase):
>>> @soap(String,Integer,_returns=Array(String))
>>> def say_smello(self,name,times):
>>> results = []
>>> for i in range(0,times):
>>> results.append('Hello, %s'%name)
>>> return results
>>
>>> class DjangoSoapApp(WSGIApplication):
>>> csrf_exempt = True
>>
>>> def __init__(self, services, tns):
>>> """Create Django view for given SOAP soaplib services and
>>> tns"""
>>
>>> return super(DjangoSoapApp,
>>> self).__init__(Application(services, tns))
>>
>>> def __call__(self, request):
>>> django_response = HttpResponse()
>>
>>> def start_response(status, headers):
>>> django_response.status_code = int(status.split('
>>> ', 1)[0])
>>> for header, value in headers:
>>> django_response[header] = value
>>
>>> response = super(DjangoSoapApp,
>>> self).__call__(request.META,
>>> start_response)
>>> django_response.content = '\n'.join(response)
>>
>>> return django_response
>>
>>> # the view to use in urls.py
>>> hello_world_service = DjangoSoapApp([HelloWorldService],
>>> '__name__')
>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/django-users/-/WpDQ4UjGEQwJ.
>>> To post to this group, send email to django-users@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> django-users+unsubscribe@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/django-users?hl=en.- Hide quoted text -
>>
>> - Show quoted text -
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment