If you can't disable the middleware, you could consider marking the view with the csrf_exempt decorator from django.views.decorators.csrf (see https://docs/djangoproject.com/en/1.4/contrib/csrf/#utilities).
Bill

On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar <laxmikant.gurnal...@gmail.com> wrote:
> Thanks, for the response.
> I had a problem like this
> I was trying to create a storesite which can be worked without django
> framework but using django. i.e just static template index.html & a
> java-script file. With all the stuff dynamically generated & only urls by
> the django, so that anybody can use my index.html, just calls my server for
> the url to display dynamic content using users information.
> so for this purpose I had a cookies resided in my browser and I was trying
> to create database objects using javascript with api urls.
>
> When I studied CSRF in detail, I understood that, private dynamic
> javascript cookies cannot be directly used to retrieve or access the
> database related to your site. Hence, my javascript was considered by django
> as a malicious/attack content and thrown a 403 forbidden error. So I was
> trying to remove the CSRF from my project. But Failed. Due to the same
> reason as you guys have told me.
> So on understanding CSRF just removed code of cookies & just added
> parameters to url just before when user refreshes the page. And whole thing
> worked. That was the Great experience.
>
> anyways,
> Plz tell me if I can hv any other method to do this. adding parameters to
> url is definitely not secure always.
>
> One more thing I am using csrf_exempt to handle api views.
>
> Thanks a lot again.
>
> On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:
>>
>> Right you are.
>>
>> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
>> >
>> >
>> > On Friday, October 5, 2012, Bill Freeman wrote:
>> >>
>> >> I believe that I read somewhere that newer Djangos force the CSRF
>> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>> >
>> >
>> > You might be thinking of the CSRF context processor, which is always
>> > enabled, no matter what is in settings. Even the most recent docs don't
>> > say anything about forcing the middleware.
>> >>
>> >>
>> >> You could dive into the middleware code to see how this happens, and
>> >> come up with a stable strategy to circumvent it. Or you could just
>> >> fix the necessary views and templates. There is, after all, a chance
>> >> that you will want to be able to upgrade this site without jumping
>> >> through hoops.
>> >>
>> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>> >> <laxmikant.gurnal...@gmail.com> wrote:
>> >> > Hi, Guys
>> >> >
>> >> > Disabling CSRF is not working.
>> >> > These are my middlewares. Removed {% csrf_token %} all templates.
>> >> >
>> >> > MIDDLEWARE_CLASSES = (
>> >> >     'django.middleware.common.CommonMiddleware',
>> >> >     'django.contrib.sessions.middleware.SessionMiddleware',
>> >> >     # 'django.middleware.csrf.CsrfViewMiddleware',
>> >> >     'django.contrib.auth.middleware.AuthenticationMiddleware',
>> >> >     # 'django.contrib.messages.middleware.MessageMiddleware',
>> >> >     # 'django.middleware.csrf.CsrfResponseMiddleware',
>> >> >     # 'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> >> > )
>> >> >
>> >> >
>> >> > Also tried by writing disablecsrf.py like this :
>> >> >
>> >> > class DisableCSRF(object):
>> >> >     def process_request(self, request):
>> >> >         """
>> >> >         """
>> >> >         setattr(request, '_dont_enforce_csrf_checks', True)
>> >> >
>> >> >
>> >> > Thanks in Advance!!!
>> >> >
>> >> > Laxmikant
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups "Django users" group.
>> >> > To post to this group, send email to django-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > django-users+unsubscr...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/django-users?hl=en.
>> >
>> >
>> > --
>> > Regards,
>> > Ian Clelland
>> > <clell...@gmail.com>
>
>
> --
>
> GlxGuru
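
Added example (not part of the thread and not Django's own code): rather than exempting API views with csrf_exempt, a same-origin JavaScript client can read the CSRF cookie and send it back in a request header, which the CSRF middleware accepts in place of the form field. The cookie name `csrftoken` and header `X-CSRFToken` are Django's defaults; the function names, the sample cookie string and the `shop.example` origin are constructed for illustration, and the sketch assumes index.html is served from the same origin as the API.

```javascript
// Added example, not from the thread. "csrftoken" and "X-CSRFToken" are
// Django's default cookie and header names; function names are hypothetical.

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    // Compare the full name so "xcsrftoken" never matches "csrftoken".
    if (eq > 0 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Methods the CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True when url (absolute or relative) resolves to the page's own origin.
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false; // unparsable URL: treat as foreign, never attach the token
  }
}

// Headers to add to an AJAX request. The token is attached only to
// state-changing, same-origin requests so it is never sent to another site.
function csrfHeaders(method, url, cookieString, pageOrigin) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageOrigin)) return {};
  const token = getCookie(cookieString, "csrftoken");
  return token ? { "X-CSRFToken": token } : {};
}

// Constructed sample values; runs in Node or a browser console.
const sampleCookies = "sessionid=abc123; csrftoken=Zm9vYmFy";
const sampleOrigin = "https://shop.example";
console.log(csrfHeaders("POST", "/api/orders/", sampleCookies, sampleOrigin));
console.log(csrfHeaders("POST", "https://other.example/api/", sampleCookies, sampleOrigin));
```

In a browser, pass `document.cookie` and `window.location.origin`, and merge the returned object into the request's headers.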