What should the XML look like?
On Jul 6, 12:03 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
wrote:
> Perhaps it's expecting XML in the request and trying to parse your POST data (which is not XML)?
>
> _Nik
>
> On Jul 6, 2012, at 6:03 AM, Jeff Silverman wrote:
>
>
>
> > Ok Nik. I have removed the CSRF middleware and get a brand new error.
>
> > XMLSyntaxError at /hello/
> > error parsing attribute name, line 1, column 6Request Method: POST
> > Request URL:http://piadm42.troweprice.com:5555/hello/
> > Django Version: 1.3.1
> > Exception Type: XMLSyntaxError
> > Exception Value: error parsing attribute name, line 1, column 6
> > Exception Location: /usr/lib/python2.6/site-packages/
> > soaplib-2.0.0_beta1-py2.6.egg/soaplib/core/_base.py in
> > _parse_xml_string, line 248
> > Python Executable: /usr/bin/python
> > Python Version: 2.6.6
>
> > The POST in fiddler is something like this -> http://mysite.com:5555/hello/
> > and the request body contains -> <name=fred×=2>
>
> > On Jul 5, 10:35 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
> > wrote:
> >> Yes, I would expect a 403 when the CSRF middleware is active, the
> >> decorator is not used, and no CSRF token is provided. This is the
> >> intended behavior. You can fix this in a few ways:
>
> >> 1. Apply the decorator to the __call__ method (rather than to the class
> >> itself). If I understand how this code works, that should correctly
> >> disable CSRF for the view.
> >> 2. Provide a CSRF value with the POST data, as you suggested. This all
> >> depends on how the request is made. Django's CSRF system relies on a
> >> CSRF value set in a cookie. You have to mimic a browsers cookie
> >> functionality, then use the value of the CSRF cookie with evey
> >> request you make. By default, the cookie name is 'csrftoken'. For
> >> more info on the CSRF process:
> >> https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/
> >> 3. Disable CSRF altogether. Simply remove the CsrfViewMiddleware from
> >> your settings and you're good to go.
>
> >> _Nik
>
> >> On 7/5/2012 6:22 PM, Jeff Silverman wrote:
>
> >>> Nik, if I remove the csrf decorator and leave the middleware in place,
> >>> I get the 403. Is there a way to add the token on the POST command,
> >>> or is there another way of leaving the middleware in place, but turn
> >>> off csrf without using the decorator?
>
> >>> On Thursday, July 5, 2012 8:33:51 PM UTC-4, Jeff Silverman wrote:
>
> >>> Nik, I will give that a try. The reason for the decorator was
> >>> that I was getting 403 forbidden, and the decorator made that one
> >>> go away. If I remove the csrf from the settings file, will that
> >>> solve that problem?
>
> >>> On Tuesday, July 3, 2012 9:32:20 AM UTC-4, Jeff Silverman wrote:
>
> >>> Below is the code from the views.py
>
> >>> The405is retunred from the 'return super(DjangoSoapApp,
> >>> self).__init__(Application(services, tns))' statement. I am
> >>> using
> >>> python 2.6, soaplib20 and django 1.3. I am struggling to
> >>> understand
> >>> what exactly is wrong here.
>
> >>> class HelloWorldService(DefinitionBase):
> >>> @soap(String,Integer,_returns=Array(String))
> >>> def say_smello(self,name,times):
> >>> results = []
> >>> for i in range(0,times):
> >>> results.append('Hello, %s'%name)
> >>> return results
>
> >>> class DjangoSoapApp(WSGIApplication):
> >>> csrf_exempt = True
>
> >>> def __init__(self, services, tns):
> >>> """Create Django view for given SOAP soaplib services and
> >>> tns"""
>
> >>> return super(DjangoSoapApp,
> >>> self).__init__(Application(services, tns))
>
> >>> def __call__(self, request):
> >>> django_response = HttpResponse()
>
> >>> def start_response(status, headers):
> >>> django_response.status_code = int(status.split('
> >>> ', 1)[0])
> >>> for header, value in headers:
> >>> django_response[header] = value
>
> >>> response = super(DjangoSoapApp,
> >>> self).__call__(request.META,
> >>> start_response)
> >>> django_response.content = '\n'.join(response)
>
> >>> return django_response
>
> >>> # the view to use in urls.py
> >>> hello_world_service = DjangoSoapApp([HelloWorldService],
> >>> '__name__')
>
> >>> --
> >>> You received this message because you are subscribed to the Google
> >>> Groups "Django users" group.
> >>> To view this discussion on the web visit
> >>>https://groups.google.com/d/msg/django-users/-/WpDQ4UjGEQwJ.
> >>> To post to this group, send email to django-users@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> >>> django-users+unsubscribe@googlegroups.com.
> >>> For more options, visit this group at
> >>>http://groups.google.com/group/django-users?hl=en.-Hide quoted text -
>
> >> - Show quoted text -
>
> > --
> > You received this message because you are subscribed to the Google Groups "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> > For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.- Hide quoted text -
>
> - Show quoted text -
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment