David,
I realize this was a long time ago, wondering if you ever got it working.
I'm battling the same dragon currently.
Step 1: seems to work
wget --save-cookies c:\cifs\cookies.txt --keep-session-cookies --no-check-certificate --http-user=myuser --http-password=mypass https://www.pdfstore.com/
which will save the session cookie allowing you to perform a second wget using the saved cookies
Step 2: Is where I'm getting an error "Error 400 not-valid csrf token"
wget --load-cookies c:\cifs\cookies.txt --no-check-certificate --no-parent --recursive https://www.pdfstore.com/pdfvault/?T&csrfToken=null
I'm inclined to think that wget cannot save csrf tokens in the same way it can session cookies. Wondering if you ever found a way out of this dragons den?
Not sure if it makes a diff but im running on windows7 going through a bluecoat proxy on the way out so using Unixutils as it allows me to set the proxy config.
Thanks,
Kevin
On Thursday, April 14, 2011 4:32:46 AM UTC-7, David wrote:
-- I realize this was a long time ago, wondering if you ever got it working.
I'm battling the same dragon currently.
Step 1: seems to work
wget --save-cookies c:\cifs\cookies.txt --keep-session-cookies --no-check-certificate --http-user=myuser --http-password=mypass https://www.pdfstore.com/
which will save the session cookie allowing you to perform a second wget using the saved cookies
Step 2: Is where I'm getting an error "Error 400 not-valid csrf token"
wget --load-cookies c:\cifs\cookies.txt --no-check-certificate --no-parent --recursive https://www.pdfstore.com/pdfvault/?T&csrfToken=null
I'm inclined to think that wget cannot save csrf tokens in the same way it can session cookies. Wondering if you ever found a way out of this dragons den?
Not sure if it makes a diff but im running on windows7 going through a bluecoat proxy on the way out so using Unixutils as it allows me to set the proxy config.
Thanks,
Kevin
On Thursday, April 14, 2011 4:32:46 AM UTC-7, David wrote:
Hello,
I am sorry for asking this, I know similar questions have been asked
before but I could not piece together the answer I needed from
previous contribution!
I have a view, for example:
@login_required
def clever_view(request):
#Render a PDF to a string
response = HttpResponse(content_type='application/pdf')
response.write(pdf_as_string)
return response
Now, in a browser, if I request http://my.host.name/clever_view.pdf I
get sent to the log in page, I log in, and I get my file. If I don't
log out I can later on request http://my.host.name/clever_view.pdf and
I get the file strait away. The browser handles the session and csrf
cookies perfectly.
For clarity, the login requires POST inputs 'username', 'password' and
the submit button is called 'submit'.
Now a client wants to use wget or curl to get the file:
wget http://my.host.name/clever_view.pdf
However, all I get are 403 even when I POST the username and password,
save the cookies and keep the session cookies.
So in short, how do I access a view when session and csrftoken cookies
are required.
If someone could show me an example of using curl or wget to access a
view that is not wrapped with @csrf_exempt but is wrapped with
@login_required I would be very grateful indeed.
Thanks in advance
Dave
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a4bd863c-aa3c-45fd-bf0a-54acd5a8b8b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment