We have a site with a lot of static HTML pages and a few Django pages. Dajaxice is used on both the static and Django pages to check whether the user is logged in and show the login status to the user. The problem is that since the user will typically visit the HTML pages first, the user will not have a CSRF cookie stored when the first AJAX request is made and Django rejects the request. Is there any elegant way to solve this? I've now disabled CSRF protection for all AJAX requests, which is not a problem right now since we don't do anything dangerous or send sensitive data with AJAX, but could become risk in the future.
Kind regards, Vincent -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
