Sunday, September 2, 2012

Re: Using the CSRF token with two views

No actually the the template that renders the form is separate from
the template that submits it.
It is working with a @csrf_exempt on the processing view however. I
guess I need a way to inform form processing view
of the token it was given in the form serving view. I should be able
to provide this with a caching or session variable.
It was a pain in the rear, but the result is very professional. I am
just gonna ignore it for now until it goes public.


On Sun, Sep 2, 2012 at 1:16 AM, Melvyn Sopacua <m.r.sopacua@gmail.com> wrote:
> On 2-9-2012 0:52, Robert Steckroth wrote:
>
>> The
>> problem is that the contact form
>> is provided by one view and processed by another. This, of course
>> raises a CSRF token error in the posting
>> submit.
> I don't see the logic of this, unless by view you mean request. This is
> also a bit confusing:
>> I have created a dynamic template loading system utilizing
>> ajax inside the template.
>
> If by template you mean django template, then the above can not ever be
> created. AJAX is incapable of generating server side code by design.
> What is more likely, is that your template generates javascript that
> fetches bits of HTML using other urls, that are then coupled to other
> django templates and this gives a similar end result in which a page
> consists of dynamic blocks akin to django's {% include %} tag.
>
> However, the execution flow is still that django provides the content
> for the browser, so the contact form can have it's own CSRF token. Are
> you providing that token in the template that renders the contact form?
> --
> Melvyn Sopacua
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>



--
Bust0ut, Surgemcgee: Systems Engineer ---
surgemcgee.com
BudTVNetwork.com
RadioWeedShow.com
"Bringing entertainment to Unix"

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)