Friday, July 6, 2012

Re: Still need help with the 405....please

Ok Nik. I have removed the CSRF middleware and get a brand new error.

XMLSyntaxError at /hello/
error parsing attribute name, line 1, column 6Request Method: POST
Request URL: http://piadm42.troweprice.com:5555/hello/
Django Version: 1.3.1
Exception Type: XMLSyntaxError
Exception Value: error parsing attribute name, line 1, column 6
Exception Location: /usr/lib/python2.6/site-packages/
soaplib-2.0.0_beta1-py2.6.egg/soaplib/core/_base.py in
_parse_xml_string, line 248
Python Executable: /usr/bin/python
Python Version: 2.6.6

The POST in fiddler is something like this -> http://mysite.com:5555/hello/
and the request body contains -> <name=fred&times=2>



On Jul 5, 10:35 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
wrote:
> Yes, I would expect a 403 when the CSRF middleware is active, the
> decorator is not used, and no CSRF token is provided. This is the
> intended behavior. You can fix this in a few ways:
>
>  1. Apply the decorator to the __call__ method (rather than to the class
>     itself). If I understand how this code works, that should correctly
>     disable CSRF for the view.
>  2. Provide a CSRF value with the POST data, as you suggested. This all
>     depends on how the request is made. Django's CSRF system relies on a
>     CSRF value set in a cookie. You have to mimic a browsers cookie
>     functionality, then use the value of the CSRF cookie with evey
>     request you make. By default, the cookie name is 'csrftoken'. For
>     more info on the CSRF process:
>    https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/
>  3. Disable CSRF altogether. Simply remove the CsrfViewMiddleware from
>     your settings and you're good to go.
>
> _Nik
>
> On 7/5/2012 6:22 PM, Jeff Silverman wrote:
>
>
>
> > Nik, if I remove the csrf decorator and leave the middleware in place,
> > I get the 403.  Is there a way to add the token on the POST command,
> > or is there another way of leaving the middleware in place, but turn
> > off csrf without using the decorator?
>
> > On Thursday, July 5, 2012 8:33:51 PM UTC-4, Jeff Silverman wrote:
>
> >     Nik, I will give that a try.  The reason for the decorator was
> >     that I was getting 403 forbidden, and the decorator made that one
> >     go away.  If I remove the csrf from the settings file, will that
> >     solve that problem?
>
> >     On Tuesday, July 3, 2012 9:32:20 AM UTC-4, Jeff Silverman wrote:
>
> >         Below is the code from the views.py
>
> >         The 405 is retunred from the 'return super(DjangoSoapApp,
> >         self).__init__(Application(services, tns))' statement.  I am
> >         using
> >         python 2.6, soaplib20 and django 1.3.  I am struggling to
> >         understand
> >         what exactly is wrong here.
>
> >         class HelloWorldService(DefinitionBase):
> >             @soap(String,Integer,_returns=Array(String))
> >             def say_smello(self,name,times):
> >                 results = []
> >                 for i in range(0,times):
> >                     results.append('Hello, %s'%name)
> >                 return results
>
> >         class DjangoSoapApp(WSGIApplication):
> >             csrf_exempt = True
>
> >             def __init__(self, services, tns):
> >                 """Create Django view for given SOAP soaplib services and
> >         tns"""
>
> >                 return super(DjangoSoapApp,
> >         self).__init__(Application(services, tns))
>
> >             def __call__(self, request):
> >                 django_response = HttpResponse()
>
> >                 def start_response(status, headers):
> >                     django_response.status_code = int(status.split('
> >         ', 1)[0])
> >                     for header, value in headers:
> >                         django_response[header] = value
>
> >                 response = super(DjangoSoapApp,
> >         self).__call__(request.META,
> >         start_response)
> >                 django_response.content = '\n'.join(response)
>
> >                 return django_response
>
> >         # the view to use in urls.py
> >         hello_world_service = DjangoSoapApp([HelloWorldService],
> >         '__name__')
>
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Django users" group.
> > To view this discussion on the web visit
> >https://groups.google.com/d/msg/django-users/-/WpDQ4UjGEQwJ.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscribe@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.- Hide quoted text -
>
> - Show quoted text -

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)