Ok Nik. I have removed the CSRF middleware and get a brand new error. XMLSyntaxError at /hello/ error parsing attribute name, line 1, column 6Request Method: POST Request URL: http://piadm42.troweprice.com:5555/hello/ Django Version: 1.3.1 Exception Type: XMLSyntaxError Exception Value: error parsing attribute name, line 1, column 6 Exception Location: /usr/lib/python2.6/site-packages/ soaplib-2.0.0_beta1-py2.6.egg/soaplib/core/_base.py in _parse_xml_string, line 248 Python Executable: /usr/bin/python Python Version: 2.6.6
The POST in fiddler is something like this -> http://mysite.com:5555/hello/ and the request body contains -> <name=fred×=2> On Jul 5, 10:35 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org> wrote: > Yes, I would expect a 403 when the CSRF middleware is active, the > decorator is not used, and no CSRF token is provided. This is the > intended behavior. You can fix this in a few ways: > > 1. Apply the decorator to the __call__ method (rather than to the class > itself). If I understand how this code works, that should correctly > disable CSRF for the view. > 2. Provide a CSRF value with the POST data, as you suggested. This all > depends on how the request is made. Django's CSRF system relies on a > CSRF value set in a cookie. You have to mimic a browsers cookie > functionality, then use the value of the CSRF cookie with evey > request you make. By default, the cookie name is 'csrftoken'. For > more info on the CSRF process: > https://docs.djangoproject.com/en/1.4/ref/contrib/csrf/ > 3. Disable CSRF altogether. Simply remove the CsrfViewMiddleware from > your settings and you're good to go. > > _Nik > > On 7/5/2012 6:22 PM, Jeff Silverman wrote: > > > > > Nik, if I remove the csrf decorator and leave the middleware in place, > > I get the 403. Is there a way to add the token on the POST command, > > or is there another way of leaving the middleware in place, but turn > > off csrf without using the decorator? > > > On Thursday, July 5, 2012 8:33:51 PM UTC-4, Jeff Silverman wrote: > > > Nik, I will give that a try. The reason for the decorator was > > that I was getting 403 forbidden, and the decorator made that one > > go away. If I remove the csrf from the settings file, will that > > solve that problem? > > > On Tuesday, July 3, 2012 9:32:20 AM UTC-4, Jeff Silverman wrote: > > > Below is the code from the views.py > > > The 405 is retunred from the 'return super(DjangoSoapApp, > > self).__init__(Application(services, tns))' statement. I am > > using > > python 2.6, soaplib20 and django 1.3. I am struggling to > > understand > > what exactly is wrong here. > > > class HelloWorldService(DefinitionBase): > > @soap(String,Integer,_returns=Array(String)) > > def say_smello(self,name,times): > > results = [] > > for i in range(0,times): > > results.append('Hello, %s'%name) > > return results > > > class DjangoSoapApp(WSGIApplication): > > csrf_exempt = True > > > def __init__(self, services, tns): > > """Create Django view for given SOAP soaplib services and > > tns""" > > > return super(DjangoSoapApp, > > self).__init__(Application(services, tns)) > > > def __call__(self, request): > > django_response = HttpResponse() > > > def start_response(status, headers): > > django_response.status_code = int(status.split(' > > ', 1)[0]) > > for header, value in headers: > > django_response[header] = value > > > response = super(DjangoSoapApp, > > self).__call__(request.META, > > start_response) > > django_response.content = '\n'.join(response) > > > return django_response > > > # the view to use in urls.py > > hello_world_service = DjangoSoapApp([HelloWorldService], > > '__name__') > > > -- > > You received this message because you are subscribed to the Google > > Groups "Django users" group. > > To view this discussion on the web visit > >https://groups.google.com/d/msg/django-users/-/WpDQ4UjGEQwJ. > > To post to this group, send email to django-users@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com. > > For more options, visit this group at > >http://groups.google.com/group/django-users?hl=en.- Hide quoted text - > > - Show quoted text - -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
