Thank you all for your suggestions :) :)

On Mon, Sep 24, 2012 at 7:56 PM, Nicolas Patry <patry.nico...@gmail.com> wrote:

> If you have access to the form (meaning you are in the DOM), and if you
> don't mind using jQuery, there is the even simpler:
>
> <script type="text/javascript">
> $.post("/some/url", $("#someform").serialize(), function(data){
>   // Do whatever with data
> });
> </script>
>
> $("#someform").serialize() automatically adds the csrf_token which should
> be contained in your form. This makes it a lot easier to validate your form
> via AJAX.
>
> Cheers,
> Nicolas Patry
>
> On Monday, September 24, 2012 4:00:02 PM UTC+2, jondykeman wrote:
>>
>> +1 For doing it right from the beginning.
>>
>> I was tempted to disable when trying to deal with AJAX especially early
>> on. Below is some code with jQuery so that you won't need to manually feed
>> the token through your AJAX.
>>
>> <script type="text/javascript">
>> jQuery(document).ajaxSend(function(event, xhr, settings) {
>>     function getCookie(name) {
>>         var cookieValue = null;
>>         if (document.cookie && document.cookie != '') {
>>             var cookies = document.cookie.split(';');
>>             for (var i = 0; i < cookies.length; i++) {
>>                 var cookie = jQuery.trim(cookies[i]);
>>                 // Does this cookie string begin with the name we want?
>>                 if (cookie.substring(0, name.length + 1) == (name + '=')) {
>>                     cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
>>                     break;
>>                 }
>>             }
>>         }
>>         return cookieValue;
>>     }
>>     function sameOrigin(url) {
>>         // url could be relative or scheme relative or absolute
>>         var host = document.location.host; // host + port
>>         var protocol = document.location.protocol;
>>         var sr_origin = '//' + host;
>>         var origin = protocol + sr_origin;
>>         // Allow absolute or scheme relative URLs to same origin
>>         return (url == origin || url.slice(0, origin.length + 1) == origin + '/') ||
>>             (url == sr_origin || url.slice(0, sr_origin.length + 1) == sr_origin + '/') ||
>>             // or any other URL that isn't scheme relative or absolute i.e relative.
>>             !(/^(\/\/|http:|https:).*/.test(url));
>>     }
>>     function safeMethod(method) {
>>         return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
>>     }
>>
>>     if (!safeMethod(settings.type) && sameOrigin(settings.url)) {
>>         xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
>>     }
>> });
>> </script>
>>
>> On Monday, September 24, 2012 7:07:09 AM UTC-6, Mulianto wrote:
>>>
>>> Hi, better use CSRF for your application security.
>>>
>>> It is easier to disable it, but security for your app is what you will
>>> think about after it is running later.
>>>
>>> Do it correctly now or later.
>>>
>>> Rgds,
>>>
>>> Mulianto
>>>
>>> On Mon, Sep 24, 2012 at 2:56 PM, yati sagade <yati....@gmail.com> wrote:
>>>
>>>> Remove {% csrf_token %} from the form AND leave the csrf_exempt
>>>> decorator as it is in the view. Everyone faces challenges while learning a
>>>> new thing. The key is to face it head on and not to move to somewhere you
>>>> think there will be no challenges :)
>>>>
>>>>
>>>> On Mon, Sep 24, 2012 at 1:14 AM, puneet loya <punee...@gmail.com> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I was trying to disable CSRF. I am calling POST using AJAX.
>>>>>
>>>>> I have used the csrf token, placed it below the form.
>>>>>
>>>>> In my views file I'm using the csrf exempt.
>>>>>
>>>>> I am still getting the network forbidden error. :(
>>>>>
>>>>> If you require more information I will share it :)
>>>>>
>>>>> On Thursday, 19 August 2010 06:49:02 UTC+5:30, chenge wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Aug 18, 4:29 AM, Rolando Espinoza La Fuente <dark...@gmail.com>
>>>>>> wrote:
>>>>>> > On Tue, Aug 17, 2010 at 8:01 AM, chenge <cheng...@gmail.com>
>>>>>> wrote:
>>>>>> > > I'm new to django. CSRF is driving me crazy!
>>>>>> >
>>>>>> > Can't use {% csrf_token %} tag inside your <form>'s?
>>>>>> >
>>>>>> > See csrf_exempt decorator: http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#exceptions
>>>>>> >
>>>>>> > Regards,
>>>>>> >
>>>>>> > Rolando Espinoza La fuente
>>>>>> > www.insophia.com
>>>>>>
>>>>>> Thanks, I decided to try Flask first, that seems simple. Maybe I'll try
>>>>>> the exempt.
>>>>>
>>>>>  --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Django users" group.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msg/django-users/-/BQ5RpafQK3EJ.
>>>>> To post to this group, send email to django...@googlegroups.com.
>>>>> To unsubscribe from this group, send email to
>>>>> django-users...@googlegroups.com.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/django-users?hl=en.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Yati Sagade
>>>>
>>>> Software Engineer at mquotient <http://www.mquotient.net/>
>>>>
>>>> Twitter: @yati_itay <http://twitter.com/yati_itay> | Github:
>>>> yati-sagade <https://github.com/yati-sagade>
>>>>
>>>> Organizing member of TEDx EasternMetropolitanBypass
>>>> http://www.ted.com/tedx/events/4933
>>>> https://www.facebook.com/pages/TEDx-EasternMetropolitanBypass/337763226244869
>>>>
>>>>
>>>>
>>>>
>>>
>
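
The approach discussed in this thread (send the value of the `csrftoken` cookie back in an `X-CSRFToken` header, only for unsafe methods and only to the page's own origin), as an added example that is not part of any poster's message. It goes slightly beyond the quoted snippet by comparing origins with the platform URL parser instead of string prefixes; the function names, sample URLs and cookie values are constructed for illustration.

```javascript
// Added example: helper names and sample values are assumptions, not thread code.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const pair = part.trim();
    if (pair.startsWith(name + '=')) {
      return decodeURIComponent(pair.slice(name.length + 1));
    }
  }
  return null;
}

// Resolve the target against the page URL and compare origins
// (scheme + host + port) after the parser has normalised both.
// Relative and scheme-relative targets resolve to the page's origin.
function isSameOrigin(url, pageUrl) {
  try {
    return new URL(url, pageUrl).origin === new URL(pageUrl).origin;
  } catch (e) {
    return false; // unparseable target: never attach the token
  }
}

// Extra headers for a request: the CSRF header is returned only for
// state-changing methods sent to the page's own origin, so the token
// is not disclosed to other sites.
function csrfHeaders(method, url, pageUrl, cookieString) {
  const token = readCookie(cookieString, 'csrftoken');
  const unsafe = !SAFE_METHODS.has(String(method).toUpperCase());
  if (unsafe && token !== null && isSameOrigin(url, pageUrl)) {
    return { 'X-CSRFToken': token };
  }
  return {};
}

// Browser usage (constructed):
//   fetch(url, { method: 'POST', body: formData, credentials: 'same-origin',
//     headers: csrfHeaders('POST', url, location.href, document.cookie) });
```

With the header set this way the view can stay CSRF-protected, so neither `csrf_exempt` nor a hand-copied token is needed for AJAX posts.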
