Of course, JavaScript will be involved. You can probably get the token
from the cookies, but you could also add code to your (first) template
to set a JS variable to the token. Then, when you (on the client side)
get the form to display, you can insert the appropriate hidden element.
Bill
On Sun, Sep 2, 2012 at 5:06 PM, Robert Steckroth
<robertsteckroth@gmail.com> wrote:
> No actually the the template that renders the form is separate from
> the template that submits it.
> It is working with a @csrf_exempt on the processing view however. I
> guess I need a way to inform form processing view
> of the token it was given in the form serving view. I should be able
> to provide this with a caching or session variable.
> It was a pain in the rear, but the result is very professional. I am
> just gonna ignore it for now until it goes public.
>
>
> On Sun, Sep 2, 2012 at 1:16 AM, Melvyn Sopacua <m.r.sopacua@gmail.com> wrote:
>> On 2-9-2012 0:52, Robert Steckroth wrote:
>>
>>> The
>>> problem is that the contact form
>>> is provided by one view and processed by another. This, of course
>>> raises a CSRF token error in the posting
>>> submit.
>> I don't see the logic of this, unless by view you mean request. This is
>> also a bit confusing:
>>> I have created a dynamic template loading system utilizing
>>> ajax inside the template.
>>
>> If by template you mean django template, then the above can not ever be
>> created. AJAX is incapable of generating server side code by design.
>> What is more likely, is that your template generates javascript that
>> fetches bits of HTML using other urls, that are then coupled to other
>> django templates and this gives a similar end result in which a page
>> consists of dynamic blocks akin to django's {% include %} tag.
>>
>> However, the execution flow is still that django provides the content
>> for the browser, so the contact form can have it's own CSRF token. Are
>> you providing that token in the template that renders the contact form?
>> --
>> Melvyn Sopacua
>>
>> --
>> You received this message because you are subscribed to the Google Groups "Django users" group.
>> To post to this group, send email to django-users@googlegroups.com.
>> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>>
>
>
>
> --
> Bust0ut, Surgemcgee: Systems Engineer ---
> surgemcgee.com
> BudTVNetwork.com
> RadioWeedShow.com
> "Bringing entertainment to Unix"
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment