{% csrf_token %} introduces a hidden field into your form that will be
posted. Second, request.raw_post_data is going to be form-encoded, so it
will look like "csrf_token=adsjadsf&body=<the contents of the tweat>"
(generally you would only use raw_post_data for binary files and the like).
To get it working quickly, use request.POST['body'] instead (you'll need to
think about sanitizing; what happens on display if a user has included
Javascript in the message).
tj
On Monday, January 14, 2013 11:08:22 AM UTC-7, Rahul Gaur wrote:
>
> Hi,
> I am working on a Project which implements micro blogging(river flow)
> like twitter.
>
> I made a django app for this and here is the snippet of the models.py
>
> I registered the app with 'admin'
>
> class uPost(models.Model):
> body = models.TextField(max_length=150)
> author = models.ForeignKey(auth.User)
> pub_date = models.DateTimeField('Date')
>
> def __unicode__(self):
> return (self.body)
>
> def get_author_url(self):
> return "/u/%s/p/0" % (self.author)
>
> class Meta:
>
> ordering = ['-pub_date']
>
>
> here is snippet from post.html page
>
> <form action="/tweet/" method="post">
> {% csrf_token %}
> <ul>
> <table>
> <li><p><label for="id_body">Report a Story:</label> <textarea id="id_body"
> rows="2" cols="40" name="body"></textarea></p></li>
> <li><p><input type="submit" value="Post"></p></li>
> </table>
> </ul>
> </form>
>
> # I use this to post the tweet and below is the
>
> #views.py function
>
> def tweet(request):
> assert(request.method=='POST')
> body = smart_unicode(request.raw_post_data)
> topic = uPost(body=body, author=request.user)
> topic.pub_date = datetime.datetime.today()
> topic.save()
> return HttpResponseRedirect("/riverflow") # calls the function views
> function that list all post in the timeline
>
>
> When I use the post.html
>
>
> OutPut I get when I post any tweet with the above FORM and Views func def
> tweet
>
>
>
> csrfmiddlewaretoken=eTqlKTZe9AyMiudycqENAJxoLn9WXjA9&body=hmm+just+check+ing+%21
>
> @aregee Jan. 14, 2013, 11:33 a.m.
>
>
> It has to do something with the CSRF middleware token right ?
>
> I tried to use @csrf_exempt decorator in my views function,that does
> remove csrfmiddlewaretoken =*& post the following on the timeline
> "body=MESSAGEPOSTED "
>
> What am I doing wrong here .?
>
>
>
>
> -------------------------------------------------------------------------------------------------------
> *Rahul Gaur*
> *irc : iamaregee2*
> *web: *http://www.rahulgaur.info*
> *
> *blogs : *aregee.wordpress.com , <http://sanencynicalwriter.wordpress.com/>
> http://sanencynicalwriter.wordpress.com/
> *fb:* http://facebook.com/iamaregee
> *github: *https://github.com/aregee
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-users/-/4fWZdPC1GUUJ.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
