If you can't disable the middleware, you could consider marking the
view with the csrf_exempt decorator from django.views.decorators.csrf
(see https://docs.djangoproject.com/en/1.4/contrib/csrf/#utilities).

Bill

On Sun, Oct 7, 2012 at 3:41 AM, Laxmikant Gurnalkar
<laxmikant.gurnal...@gmail.com> wrote:
> Thanks for the response.
> I had a problem like this:
>    I was trying to create a storesite which can work without the django
> framework but using django, i.e. just a static template index.html & a
> javascript file, with all the stuff dynamically generated & only urls by
> django, so that anybody can use my index.html, which just calls my server for
> the url to display dynamic content using the user's information.
> So for this purpose I had cookies residing in my browser and I was trying
> to create database objects using javascript with api urls.
>
> When I studied CSRF in detail, I understood that private dynamic
> javascript cookies cannot be directly used to retrieve or access the
> database related to your site. Hence, my javascript was considered by django
> as malicious/attack content and it threw a 403 forbidden error. So I was
> trying to remove the CSRF from my project, but failed, due to the same
> reason as you guys have told me.
>     So on understanding CSRF I just removed the code for cookies & just added
> parameters to the url just before when the user refreshes the page. And the whole thing
> worked. That was a great experience.
>
> Anyways,
> please tell me if I can have any other method to do this. Adding parameters to
> the url is definitely not always secure.
>
> One more thing I am using csrf_exempt to handle api views.
>
> Thanks a lot again.
>
> On Sat, Oct 6, 2012 at 4:38 AM, Bill Freeman <ke1g...@gmail.com> wrote:
>>
>> Right you are.
>>
>> On Fri, Oct 5, 2012 at 6:20 PM, Ian Clelland <clell...@gmail.com> wrote:
>> >
>> >
>> > On Friday, October 5, 2012, Bill Freeman wrote:
>> >>
>> >> I believe that I read somewhere that newer Djangos force the CSRF
>> >> middleware even if it's not listed in MIDDLEWARE_CLASSES.
>> >
>> >
>> > You might be thinking of the CSRF context processor, which is always
>> > enabled, no matter what is in settings. Even the most recent docs don't
>> > say
>> > anything about forcing the middleware.
>> >>
>> >>
>> >> You could dive into the middleware code to see how this happens, and
>> >> come up with a stable strategy to circumvent it.  Or you could just
>> >> fix the necessary views and templates.  There is, after all, a chance
>> >> that you will want to be able to upgrade this site without jumping
>> >> through hoops.
>> >>
>> >> On Thu, Oct 4, 2012 at 4:56 AM, Laxmikant Gurnalkar
>> >> <laxmikant.gurnal...@gmail.com> wrote:
>> >> > Hi, Guys
>> >> >
>> >> > Disabling CSRF is not working.
>> >> > These are my middlewares. Removed {% csrf_token %} from all templates.
>> >> >
>> >> > MIDDLEWARE_CLASSES = (
>> >> >     'django.middleware.common.CommonMiddleware',
>> >> >     'django.contrib.sessions.middleware.SessionMiddleware',
>> >> >    # 'django.middleware.csrf.CsrfViewMiddleware',
>> >> >     'django.contrib.auth.middleware.AuthenticationMiddleware',
>> >> > #    'django.contrib.messages.middleware.MessageMiddleware',
>> >> > #    'django.middleware.csrf.CsrfResponseMiddleware',
>> >> > #     'igp_acfs.acfs.disablecsrf.DisableCSRF',
>> >> > )
>> >> >
>> >> >
>> >> > Also tried by writing disablecsrf.py like this :
>> >> >
>> >> > class DisableCSRF(object):
>> >> >     def process_request(self, request):
>> >> >         """
>> >> >         """
>> >> >         setattr(request, '_dont_enforce_csrf_checks', True)
>> >> >
>> >> >
>> >> > Thanks in Advance!!!
>> >> >
>> >> > Laxmikant
>> >> >
>> >> > --
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups
>> >> > "Django users" group.
>> >> > To post to this group, send email to django-users@googlegroups.com.
>> >> > To unsubscribe from this group, send email to
>> >> > django-users+unsubscr...@googlegroups.com.
>> >> > For more options, visit this group at
>> >> > http://groups.google.com/group/django-users?hl=en.
>> >>
>> >
>> >
>> > --
>> > Regards,
>> > Ian Clelland
>> > <clell...@gmail.com>
>> >
>>
>
>
>
> --
>
> GlxGuru
>
>
