>> Obviously this isn't an ideal or secure way of doing things and what I originally tried was sending a POST request, but this gets denied with a 403 and a message about not having a CSRF cookie attached.
I haven't developed anything with Android but it sounds like you need to send a CSRF in your post request, this can be done in JS, see: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax See also this: http://stackoverflow.com/questions/9252360/android-sending-post-requests-to-django-server-csrf-failing On Wednesday, February 12, 2014 8:41:24 AM UTC-5, Ethan Lowry wrote: > > Hi there, > > I have a bare-bones Django app set up and am planning on using the built > in Django user auth to manage log in and registration via the Android app > I'm developing. > > I've tried this a number of ways and can, for example, log in by sending a > GET request such as ([url]/login?username=[username]&password=[password]) > and returning a JSON representation of the user if its valid. > > Obviously this isn't an ideal or secure way of doing things and what I > originally tried was sending a POST request, but this gets denied with a > 403 and a message about not having a CSRF cookie attached. > I did some reading up and get roughly what this is but could not find any > mention of how to get around this issue if you have to send post request > from another application as in my case - is it possible to do something > like make a get request to Django and take a usable cookie from the > response and attach it to my POST request before sending? > > If anyone knows much about this issue, or has any general advice or best > practices regarding Django authentication on a mobile app, I'd much > appreciate it. > > Thanks, > Ethan > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/de2a1ccf-04cb-4ddb-adcb-ec1171ae6bbc%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
