Just to give you a hint, you'll need to do 2 things:
1. Use {% csrf_token %} in your view to generate the CSRF Token Form Field
2. Include the value and name from that Form Field in your Javascript
Request
#2 is much more a Javascript issue; not specific to django. although
someone here may help you.
Good luck
On Fri, Oct 26, 2012 at 5:16 AM, Stone <phrac...@gmail.com> wrote:
> Hi Nik,
>
> I do not understand. How can I submitted as a actual form parameter?
> Are there any examples?
>
> On Oct 25, 5:24 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
> wrote:
> > It looks like you're submitting your request via AJAX and using the
> > X-CSRFToken header. It's very possible that one of your proxies isn't
> > forwarding that header correctly. You might try submitting it as an
> > actual form parameter instead.
> >
> > _Nik
> >
> > On 10/25/2012 6:01 AM, Stone wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Over Firefox and Firebug I have received that CSRF Validation failed.
> > > My server is running on apache2-2.2.22 and there are two proxy's
> > > All template file and forms includes csrf_token tag.
> >
> > > On Oct 24, 6:54 pm, Nikolas Stevenson-Molnar <nik.mol...@consbio.org>
> > > wrote:
> > >> It's possible that the CSRF token isn't being sent correctly. As a
> test,
> > >> try adding the @csrf_exempt decorator to your view. If you no longer
> get
> > >> the 403, then it's a CSRF problem.
> >
> > >> _Nik
> >
> > >> On 10/24/2012 6:31 AM, Stone wrote:
> >
> > >>> My Django application is running on real server (apache2-2.2.22).
> > >>> In urls.py is mentioned:
> > >>> (r'^configSave/$', configSave),
> > >>> My HTML is bellow. After pressing on configSave I am receiving HTTP
> > >>> 403 error page.
> > >>> In view.py is mentioned:
> > >>> def configSave(request):
> > >>> configFile={}
> > >>> if os.path.isfile(SSO_CONF) != False:
> > >>> f = open(SSO_CONF,"r")
> > >>> for line in f:
> > >>> line = line.strip()
> > >>> if re.search('^#',line) != None:
> > >>> '''print 'This is the commentary'''
> > >>> else:
> > >>> '''print line'''
> > >>> try:
> > >>> name, value = line.split('=',2)
> > >>> configFile[name]=value
> > >>> print '<%s>%s</%s>' % (name,
> value, name)
> > >>> except ValueError, err:
> > >>> ''' print 'This is empty row'''
> > >>>
> configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(',');
> > >>>
> configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(',');
> > >>> configFile={}
> > >>> if os.path.isfile(SSO_CONF) != False:
> > >>> f = open(SSO_CONF,"r")
> > >>> for line in f:
> > >>> line = line.strip()
> > >>> if re.search('^#',line) != None:
> > >>> '''print 'This is the commentary'''
> > >>> else:
> > >>> '''print line'''
> > >>> try:
> > >>> name, value = line.split('=',2)
> > >>> configFile[name]=value
> > >>> print '<%s>%s</%s>' % (name,
> value, name)
> > >>> except ValueError, err:
> > >>> ''' print 'This is empty row'''
> > >>>
> configFile['SlaveDeactAppl']=configFile['SlaveDeactAppl'].split(',');
> > >>>
> configFile['SlaveDeactScripts']=configFile['SlaveDeactScripts'].split(',');
> > >>> c = {}
> > >>> c = Context({
> > >>> 'config':configFile,
> > >>> 'item':2,
> > >>> })
> > >>> c.update(csrf(request))
> > >>> return
> > >>>
> render_to_response('config.html',c,context_instance=RequestContext(request))
> > >>> By the way how to really fast define logging mechanism which can be
> > >>> use for debugging.
> > >>> Is this my programmer approach corrector is there any other way how
> to
> > >>> react on the pressing of button?
> > >>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://
> > >>>www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> > >>> {% extends "index.html" %}
> > >>> {% block content %}
> > >>> <html lang="en-US" xml:lang="en-US" xmlns="http://www.w3.org/1999/
> > >>> xhtml">
> > >>> <script type="text/javascript">
> > >>> top.helpID="SSO_config";
> > >>> $(document).ready(function () {
> > >>> function sendAjax()
> > >>> {
> > >>> $(document).ajaxSend(function(event, xhr, settings) {
> > >>> function getCookie(name) {
> > >>> var cookieValue = null;
> > >>> if (document.cookie && document.cookie != '') {
> > >>> var cookies = document.cookie.split(';');
> > >>> for (var i = 0; i < cookies.length; i++) {
> > >>> var cookie = jQuery.trim(cookies[i]);
> > >>> if (cookie.substring(0, name.length + 1) ==
> (name
> > >>> + '=')) {
> > >>> cookieValue =
> > >>> decodeURIComponent(cookie.substring(name.length + 1));
> > >>> break;
> > >>> }
> > >>> }
> > >>> }
> > >>> return cookieValue;
> > >>> }
> > >>> function sameOrigin(url) {
> > >>> var host = document.location.host; // host + port
> > >>> var protocol = document.location.protocol;
> > >>> var sr_origin = '//' + host;
> > >>> var origin = protocol + sr_origin;
> > >>> // Allow absolute or scheme relative URLs to same
> origin
> > >>> return (url == origin || url.slice(0, origin.length +
> 1)
> > >>> == origin + '/') ||
> > >>> (url == sr_origin || url.slice(0,
> sr_origin.length +
> > >>> 1) == sr_origin + '/') ||
> > >>> !(/^(\/\/|http:|https:).*/.test(url));
> > >>> }
> > >>> function safeMethod(method) {
> > >>> return (/^(GET|HEAD|OPTIONS|TRACE)$/.test(method));
> > >>> }
> > >>> if (!safeMethod(settings.type) &&
> sameOrigin(settings.url)) {
> > >>> xhr.setRequestHeader("X-CSRFToken",
> > >>> getCookie('csrftoken'));
> > >>> }
> > >>> });
> > >>> }
> > >>> $("#saveCfg").click(function(event){
> > >>> sendAjax();
> > >>> $.ajax({
> > >>> type: "POST",
> > >>> url: "/SSO/configSave/",
> > >>> dataType: "text",
> > >>> success: function(data) {
> > >>> alert(data);
> > >>> },
> > >>> error: function(xhr,ajaxOptions,thrownError) {
> > >>> alert(xhr.status +" "+xhr.statusText);
> > >>> alert(thrownError);
> > >>> }
> > >>> });
> > >>> });
> > >>> });
> > >>> </script>
> > >>> <body class="bodyClass">
> > >>> <table class="body_table">
> > >>> <tr>
> > >>> <th colspan="4" class="thead"><b> IP configuration</b></
> > >>> th>
> > >>> </tr>
> > >>> <tr>
> > >>> <td>Master IP address</td>
> > >>> <td>
> > >>> <input id="mip" style="width: 100px;"
> > >>> value="{{config.MasterIPAddress}}"/>
> > >>> </td>
> > >>> <td>Slave IP address</td>
> > >>> <td>
> > >>> <input id="sip" style="width: 100px;"
> > >>> value="{{config.SlaveIPAddress}}"/>
> > >>> </td>
> > >>> </tr>
> > >>> <tr>
> > >>> <td>Master netmask</td>
> > >>> <td>
> > >>> <input id="mnetmask" style="width: 100px;"
> > >>> value="{{config.MasterIPNetmask}}"/>
> > >>> </td>
> > >>> <td>Slave netmask</td>
> > >>> <td>
> > >>> <input id="snetmask" style="width: 100px;"
> > >>> value="{{config.SlaveIPNetmask}}"/>
> > >>> </td>
> > >>> </tr>
> > >>> <tr>
> > >>> <td>Master broadcast</td>
> > >>> <td>
> > >>> <input id="mbroadcast" style="width: 100px;"
> > >>> value="{{config.MasterIPBroadcast}}"/>
> > >>> </td>
> > >>> <td>Slave broadcast</td>
> > >>> <td>
> > >>> <input id="sbroadcast" style="width: 100px;"
> > >>> value="{{config.SlaveIPBroadcast}}"/>
> > >>> </td>
> > >>> </tr>
> > >>> <tr>
> > >>> <td></td>
> > >>> <td></td>
> > >>> <td></td>
> > >>> <td></td>
> > >>> </tr>
> > >>> <tr>
> > >>> <td>Lancard name</td>
> > >>> <td><span id="cardname"></span>{{config.LanCardName}}</td>
> > >>> <td>MAC address</td>
> > >>> <td><input id="cardmac" value="{{config.LanCardMAC}}"/></td>
> > >>> </tr>
> > >>> <tr>
> > >>> <th colspan="4" class="thead"><b> Configuration
> > >>> parameters</b>
> > >>> </th>
> > >>> </tr>
> > >>> <tr>
> > >>> <td>Replication frequency</td>
> > >>> <td>
> > >>> <select id="freq">
> > >>> <option {% if
> config.MasterBackupFrequency = "daily" %}
> > >>> selected="selected"{% endif %}>daily</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Monday" %}
> > >>> selected="selected"{% endif %}>Monday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Thusday" %}
> > >>> selected="selected"{% endif %}>Thusday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Wednesday" %}
> > >>> selected="selected"{% endif %}>Wednesday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Thursday" %}
> > >>> selected="selected"{% endif %}>Thursday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Friday" %}
> > >>> selected="selected"{% endif %}>Friday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Saturday" %}
> > >>> selected="selected"{% endif %}>Saturday</option>
> > >>> <option {% if
> config.MasterBackupFrequency = "Sunday" %}
> > >>> selected="selected"{% endif %}>Sunday</option>
> > >>> </select>
> > >>> </td>
> > >>> <td>Replication time</td>
> > >>> <td><input style="width: 40%;" id="backuptime"
> > >>> value="{{config.MasterBackupStartTime}}"/></td>
> > >>> </tr>
> > >>> <tr>
> > >>> <td valign="top">Slave deactivated application</td>
> > >>> <td style="width: 20%;"><span id="appl">
> > >>> {% for appl in config.SlaveDeactAppl %}
> > >>> {{ appl }}<br>
> > >>> {% endfor %}
> > >>> </span></td>
> > >>> <td valign="top">Slave deactivated scripts</td>
> > >>> <td style="width: 20%;"><span
> >
> > ...
> >
> > read more ยป
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
