i am using Chrome. to be honest i dont really understand everything you are talking about, so ill just try to run your code and see if i can get results on the other hand if i use GET instead of POST i dont have to worry about CSRF right?
i am not sure you understood my question though, i am getting a HTTPRESPONSE, just not the one inside request.is_ajax() i have read too much documentation on the net (old and new) so i guess thats why i am confused now and just need something that works and only after that i will try to understand why does it work On Monday, April 23, 2012 1:34:16 PM UTC+1, Masklinn wrote: > > > On 2012-04-23, at 13:48 , psychok7 wrote: > > > yes i did that now, and still doesnt work.. it still returns false and > > doesnt print the line after request.is_ajax() > > > > I can't reproduce the issue with a trivial repro case (see attached > module), > so with the little information you've provided the only thing my psychic > debugger yield was "are you using Firefox" as it has a long-standing bug > of not conserving headers on redirections[0][1], but that would make the > entire > CSRF fail. *Unless* it redirects to a GET request, since you're not > checking > whether the method is GET or POST (which you really should, incidentally) > this would bypass the CSRF check (even though it'd lose the header), and > would > lose the X-Requested-By header (set by jquery) which Django uses to know > whether a request "is ajax" or not. > > So I'd recommend looking into that, and taking a long look at you > javascript > console's Network tab to see what kind of calls are being sent by the > browser > to django. > > [0] https://bugzilla.mozilla.org/show_bug.cgi?id=553888 > [1] On the other hand, it should be fixed in Firefox 7 and above, so you'd > have to use Firefox *and* use an outdated version of it. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/816szwSVDLEJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
