Just to give you a hint, you'll need to do 2 things: 1. Use {% csrf_token %} in your view to generate the CSRF Token Form Field 2. Include the value and name from that Form Field in your Javascript Request
#2 is much more a Javascript issue; not specific to django. although someone here may help you. Good luck On Fri, Oct 26, 2012 at 5:16 AM, Stone <phrac...@gmail.com> wrote: > Hi Nik, > > I do not understand. How can I submitted as a actual form parameter? > Are there any examples? > > On Oct 25, 5:24 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org> > wrote: > > It looks like you're submitting your request via AJAX and using the > > X-CSRFToken header. It's very possible that one of your proxies isn't > > forwarding that header correctly. You might try submitting it as an > > actual form parameter instead. > > > > _Nik > > > > On 10/25/2012 6:01 AM, Stone wrote: > > > > > > > > > > > > > > > > > Over Firefox and Firebug I have received that CSRF Validation failed. > > > My server is running on apache2-2.2.22 and there are two proxy's > > > All template file and forms includes csrf_token tag. > > > > > On Oct 24, 6:54 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org> > > > wrote: > > >> It's possible that the CSRF token isn't being sent correctly. As a > test, > > >> try adding the @csrf_exempt decorator to your view. If you no longer > get > > >> the 403, then it's a CSRF problem. > > > > >> _Nik > > > > >> On 10/24/2012 6:31 AM, Stone wrote: > > > > >>> My Django application is running on real server (apache2-2.2.22). > > >>> In urls.py is mentioned: > > >>> (r'^configSave/$', configSave), > > >>> My HTML is bellow. After pressing on configSave I am receiving HTTP > > >>> 403 error page. > > >>> In view.py is mentioned: > > >>> def configSave(request): > > >>> configFile={} > > >>> if os.path.isfile(SSO_CONF) != False: > > >>> f = open(SSO_CONF,"r") > > >>> for line in f: > > >>> line = line.strip() > > >>> if re.search('^#',line) != None: > > >>> '''print 'This is the commentary''' > > >>> else: > > >>> '''print line''' > > >>> try: > > >>> name, value = line.split('=',2) > > >>> configFile[name]=value > > >>> print '<%s>%s</%s>' % (name, > value, name) > > >>> except ValueError, err: > > >>> ''' print 'This is empty row''' > > >>> > configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(','); > > >>> > configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(','); > > >>> configFile={} > > >>> if os.path.isfile(SSO_CONF) != False: > > >>> f = open(SSO_CONF,"r") > > >>> for line in f: > > >>> line = line.strip() > > >>> if re.search('^#',line) != None: > > >>> '''print 'This is the commentary''' > > >>> else: > > >>> '''print line''' > > >>> try: > > >>> name, value = line.split('=',2) > > >>> configFile[name]=value > > >>> print '<%s>%s</%s>' % (name, > value, name) > > >>> except ValueError, err: > > >>> ''' print 'This is empty row''' > > >>> > configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(','); > > >>> > configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(','); > > >>> c = {} > > >>> c = Context({ > > >>> 'config':configFile, > > >>> 'item':2, > > >>> }) > > >>> c.update(csrf(request)) > > >>> return > > >>> > render_to_response('config.html',c,context_instance=RequestContext(request)) > > >>> By the way how to really fast define logging mechanism which can be > > >>> use for debugging. > > >>> Is this my programmer approach corrector is there any other way how > to > > >>> react on the pressing of button? > > >>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http:// > > >>>www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > > >>> {% extends "index.html" %} > > >>> {% block content %} > > >>> <html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/ > > >>> xhtml"> > > >>> <script type="text/javascript"> > > >>> top.helpID="SSO_config"; > > >>> $(document).ready(function () { > > >>> function sendAjax() > > >>> { > > >>> $(document).ajaxSend(function(event, xhr, settings) { > > >>> function getCookie(name) { > > >>> var cookieValue = null; > > >>> if (document.cookie && document.cookie != '') { > > >>> var cookies = document.cookie.split(';'); > > >>> for (var i = 0; i < cookies.length; i++) { > > >>> var cookie = jQuery.trim(cookies[i]); > > >>> if (cookie.substring(0, name.length + 1) == > (name > > >>> + '=')) { > > >>> cookieValue = > > >>> decodeURIComponent(cookie.substring(name.length + 1)); > > >>> break; > > >>> } > > >>> } > > >>> } > > >>> return cookieValue; > > >>> } > > >>> function sameOrigin(url) { > > >>> var host = document.location.host; // host + port > > >>> var protocol = document.location.protocol; > > >>> var sr_origin = '//' + host; > > >>> var origin = protocol + sr_origin; > > >>> // Allow absolute or scheme relative URLs to same > origin > > >>> return (url == origin || url.slice(0, origin.length + > 1) > > >>> == origin + '/') || > > >>> (url == sr_origin || url.slice(0, > sr_origin.length + > > >>> 1) == sr_origin + '/') || > > >>> !(/^(\/\/|http:|https:).*/.test(url)); > > >>> } > > >>> function safeMethod(method) { > > >>> return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method)); > > >>> } > > >>> if (!safeMethod(settings.type) && > sameOrigin(settings.url)) { > > >>> xhr.setRequestHeader("X-CSRFToken", > > >>> getCookie('csrftoken')); > > >>> } > > >>> }); > > >>> } > > >>> $("#saveCfg").click(function(event){ > > >>> sendAjax(); > > >>> $.ajax({ > > >>> type: "POST", > > >>> url: "/SSO/configSave/", > > >>> dataType: "text", > > >>> success: function(data) { > > >>> alert(data); > > >>> }, > > >>> error: function(xhr,ajaxOptions,thrownError) { > > >>> alert(xhr.status +" "+xhr.statusText); > > >>> alert(thrownError); > > >>> } > > >>> }); > > >>> }); > > >>> }); > > >>> </script> > > >>> <body class="bodyClass"> > > >>> <table class="body_table"> > > >>> <tr> > > >>> <th colspan="4" class="thead"><b> IP configuration</b></ > > >>> th> > > >>> </tr> > > >>> <tr> > > >>> <td>Master IP address</td> > > >>> <td> > > >>> <input id="mip" style="width: 100px;" > > >>> value="{{config.MasterIPAddress}}"/> > > >>> </td> > > >>> <td>Slave IP address</td> > > >>> <td> > > >>> <input id="sip" style="width: 100px;" > > >>> value="{{config.SlaveIPAddress}}"/> > > >>> </td> > > >>> </tr> > > >>> <tr> > > >>> <td>Master netmask</td> > > >>> <td> > > >>> <input id="mnetmask" style="width: 100px;" > > >>> value="{{config.MasterIPNetmask}}"/> > > >>> </td> > > >>> <td>Slave netmask</td> > > >>> <td> > > >>> <input id="snetmask" style="width: 100px;" > > >>> value="{{config.SlaveIPNetmask}}"/> > > >>> </td> > > >>> </tr> > > >>> <tr> > > >>> <td>Master broadcast</td> > > >>> <td> > > >>> <input id="mbroadcast" style="width: 100px;" > > >>> value="{{config.MasterIPBroadcast}}"/> > > >>> </td> > > >>> <td>Slave broadcast</td> > > >>> <td> > > >>> <input id="sbroadcast" style="width: 100px;" > > >>> value="{{config.SlaveIPBroadcast}}"/> > > >>> </td> > > >>> </tr> > > >>> <tr> > > >>> <td></td> > > >>> <td></td> > > >>> <td></td> > > >>> <td></td> > > >>> </tr> > > >>> <tr> > > >>> <td>Lancard name</td> > > >>> <td><span id="cardname"></span>{{config.LanCardName}}</td> > > >>> <td>MAC address</td> > > >>> <td><input id="cardmac" value="{{config.LanCardMAC}}"/></td> > > >>> </tr> > > >>> <tr> > > >>> <th colspan="4" class="thead"><b> Configuration > > >>> parameters</b> > > >>> </th> > > >>> </tr> > > >>> <tr> > > >>> <td>Replication frequency</td> > > >>> <td> > > >>> <select id="freq"> > > >>> <option {% if > config.MasterBackupFrequency = "daily" %} > > >>> selected="selected"{% endif %}>daily</option> > > >>> <option {% if > config.MasterBackupFrequency = "Monday" %} > > >>> selected="selected"{% endif %}>Monday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Thusday" %} > > >>> selected="selected"{% endif %}>Thusday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Wednesday" %} > > >>> selected="selected"{% endif %}>Wednesday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Thursday" %} > > >>> selected="selected"{% endif %}>Thursday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Friday" %} > > >>> selected="selected"{% endif %}>Friday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Saturday" %} > > >>> selected="selected"{% endif %}>Saturday</option> > > >>> <option {% if > config.MasterBackupFrequency = "Sunday" %} > > >>> selected="selected"{% endif %}>Sunday</option> > > >>> </select> > > >>> </td> > > >>> <td>Replication time</td> > > >>> <td><input style="width: 40%;" id="backuptime" > > >>> value="{{config.MasterBackupStartTime}}"/></td> > > >>> </tr> > > >>> <tr> > > >>> <td valign="top">Slave deactivated application</td> > > >>> <td style="width: 20%;"><span id="appl"> > > >>> {% for appl in config.SlaveDeactAppl %} > > >>> {{ appl }}<br> > > >>> {% endfor %} > > >>> </span></td> > > >>> <td valign="top">Slave deactivated scripts</td> > > >>> <td style="width: 20%;"><span > > > > ... > > > > read more ยป > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To post to this group, send email to django-users@googlegroups.com. > To unsubscribe from this group, send email to > django-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/django-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.