Thursday, June 26, 2014

Re: Unable to add CSRF token to the header

Hello,

I'm not quite sure what you are trying to do, but with type: "GET"
there is no need to worry about csrf_token.

From the link you posted:

"""
function csrfSafeMethod(method) {
    // these HTTP methods do not require CSRF protection
    return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
}
"""

For the thing with the unexpected login ... I also think this has
nothing to do with the csrf_token thing. If you have the default
authentication running, your authentication data will be in a cookie
named session-id or so ...
of course if you mess up that cookie, you have to authenticate again.


2014-06-23 4:55 GMT+02:00 Subodh Nijsure <subodh.nijsure@gmail.com>:
> [ Sorry this is duplicate as I posted previous messages without Subject: !! ]
>
> I have the following ajax query that gets generated from my template.
>
> This is done after the user has logged into the system. One thing I have
> noticed is that the very first GET request always prompts a dialog box that
> asks users to login with username and password. I have done
> console.log and csrf_token is non-null when this dialog is shown. Does
> anybody have an idea why this happens? On all subsequent reloads of this
> page I never get prompted to enter username & password.
>
> $.ajax({
>     type: "GET",
>     withCredentials: true,
>     async: false,
>     url: "/api/v1/myurl/",
>     data: {
>         csrfmiddlewaretoken: '{{ csrf_token }}'
>     },
>     success: function (json) {
>     }
> });
>
> It was suggested to me that I should follow this and make sure that
> csrf token is present in the header.
>
>
> https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
>
> I have made sure that in my javascript I have the recommended code that
> sets the Requestheader but that doesn't help!
>
> Can anyone help me with this?
>
> -Subodh
>
> --
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALr9Q3a-hqk5fA1TP_3RZetv3gVh-D%2BR4kK0kBfeHBGz%3D0v9xQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
